CISSP Study Notes Chapter 17 - Preventing and Responding to Incidents
Chapter 17 goes over conducting logging and monitoring activities, conducting incident management, and operating and maintaining detective and preventative measures.
Chapter 16 goes over securely provisioning resources, understanding and applying foundational security operations concepts, applying resource protection techniques, implementing and supporting patch and vulnerability management, understanding and participating in change management, and addressing personnel safety and security concerns.
Chapter 15 is a hefty chapter which covers designing and validating assessment, test, and audit strategies, conducting security control testing, collecting security process data, and then analyzing test output, and conducting security audits.
Chapter 14 is about identity and access management (IAM), and discusses all kinds of different access control: role based, rule based, mandatory, discretionary, and attribute based.
Chapter 13 is an important chapter that gets into controlling physical and logical access to assets, managing identification and authentication of people, devices and services, integrating identity as a third-party service, and managing the identity and access provisioning lifecycle.
Chapter 12 gets into implementing secure communications channels according to design for voice, multimedia, remote access, data communications, and virtualized networks.
Chapter 11 goes over a lot of networking topics including the OSI and TCP/IP models, IP networking, multilayer protocols, converged protocols, software-defined networks, wireless networks, and a whole bunch of hardware items.
Chapter 10 covers implementing site and facility security controls, designing sites and facilities, and generally protecting things from physical threats.
Chapter 9 gets into assessing and mitigating the vulnerabilities of security architectures, designs, and solution elements. It also talks about assessing and mitigating vulnerabilities in web-based systems, mobile systems, and embedded devices.
Chapter 8 covers implementing and managing engineering processes using secure design principles, the fundamental concepts of security models, how to select controls based on security requirements, and understanding security capabilities of information systems.
Chapter 7 is all about applying cryptography. It covers the cryptographic lifecycle, methods, Public Key Infrastructure, and key management practices. It also covers Digital signatures, nonrepudiation, integrity, cryptanalytic attacks, and Digital Rights Management.
Chapter 6 covers data security controls, understanding data states, and then it gets into cryptography. This chapter goes into assessing and mitigating vulnerabilities of systems related to cryptography, cryptographic lifecycle and methods, nonrepudiation, and data integrity.
Chapter 5 is concerned with asset security. It discusses identifying and classifying information and assets, as well as determining how to maintain assets and identify asset owners. Chapter 5 also talks about protecting privacy, ensuring proper asset retention, determining data security controls, and establishing information and asset handling requirements.
Chapter 4 covers a variety of topics related to determining compliance requirements, contractual and legal standards, and privacy requirements. It also includes information to help you understand legal and regulatory issues that relate to information security in a global context like data breaches, licensing requirements, and privacy.
This chapter discusses how to identify, analyze, and prioritize business continuity requirements, including developing the scope and the plan. It also talks about business impact analysis, and how to participate in BC planning and exercises.
This chapter is about working with risk. Human weaknesses are discussed at the beginning and end of the chapter in the form of job descriptions, and then about training. This chapter also discusses how to think about risk, define risks correctly, and how to think about countermeasures and other responses to risk.
Last summer I spent about a month studying for and getting my Certified Information Systems Security Professional (CISSP) certification from ISC2. I went about studying for the test a few ways:
Whoa, it’s been a while since I got a post out. Between my slower posting schedule and the fact that I moved from WordPress to GitHub pages (and changed the domain), it’s a miracle I have any SEO points left at all! Anyway, that’s not really the point of this post. The point of this post is to talk about the cool event I attended recently in Columbus, Ohio. Spoiler alert: I was blown away.
Starting with PowerShell 6, the whole language is open source. You’ve probably heard about that already. But if you don’t think of yourself as a “developer”, then it’s possible that the most you’ve ever taken advantage of that fact is creating a GitHub issue or commenting on a PR. Today, follow along with me, and we’ll change that.
If you’ve found your way to this blog, you probably already have a reasonable understanding of basic PowerShell concepts (or maybe that’s a foolish assumption). But, how about all your coworkers? And for you, you’re probably not done learning yet. There are plenty of ways to learn PowerShell - books, online courses, stealing code from blogs - but in my opinion, the best way to learn PowerShell is by writing PowerShell.
So let me say first, there are WAY more than 6 git commands you should know if you’re working with a project that uses git. However, when you’re first getting started, there are 6 git commands that you can’t get away without knowing. Here they are.
This is really just an obligatory post to announce that I’ve moved my blogging habits from workingsysadmin.com to this URL, thomasrayner.ca. Why? Well I’ll tell you why.
It’s been a little while since I’ve managed to get a blog post out! Not to worry, though, as I’ve been nice and busy. One of the things I’ve been working on lately is writing a VSTS- I mean Azure DevOps extension.
If you haven’t been to the PowerShell & DevOps Global Summit, let me tell you that the lightning demos are an ultra fun and informative part of the conference. It’s so cool to see what other people are doing with PowerShell that you’d never think of because it’s not what you’re used to working on. I love the fact that PowerShell is so many places, with so much flexibility, that it creates countless opportunities for interesting, meaningful projects.
Are you going to be at Techmentor Redmond next week? I will be! You can catch me at my workshop on Monday and learn some Master Powershell tricks, or at my session on Tuesday to learn to write code that doesn’t suck. I’ll also be hanging around the rest of the conference, dinner events, and other people’s sessions.
Back in March, I had the opportunity to link up with Microsoft Cloud Advocate Damian Brady and record an episode of The DevOps Lab. We chatted a little bit about the MVP Summit and being an MVP (which I am no longer, since I’ve joined Microsoft as an employee), and then got down to business administering Azure Automation purely through the AzureRM PowerShell module.
In the PowerShell Slack (invite yourself at bit.ly/psslack), there was a very brief debate over when the Expand-Archive cmdlet was introduced to PowerShell. This is absolutely information that can be found online, but there’s a few different ways.
If you’re active on social media and follow things about PowerShell, you’ve probably already seen some information about the PowerShell Conference Book. It’s a community effort that was created to support the PowerShell.org OnRamp Scholarship Program.
On July 1, I was notified that I was re-awarded as a Microsoft Most Valuable Professional (MVP)! Being an MVP is an enormous privilege, and has been a huge benefit to me professionally. If you’re not familiar with the MVP Program, it’s basically an award given to independent technologists who share technical knowledge with the community. That might mean blogging, public speaking, creating videos, being active on social media, answering questions on technical forums, or lots of other things.
If you’re used to working in VS Code or the PowerShell ISE, you’ve undoubtedly enjoyed intellisense which is the feature that shows you all the tab completion options at once. That functionality is really handy, but what if you’re in the PowerShell console? The little overlayed windows don’t pop up there with your completion options. You can still tab through until you find what you want, but it’s not the same.
Did you know that you can use Where-Object to split a collection into two arrays? Like, if you had an array containing the numbers 1 to 10, you could split it into one array of even numbers, and another array of odd numbers? It’s pretty cool. Thanks Herb Meyerowitz for this tip!
Maybe you have a login script or something else that’s written in PowerShell that you want to run without having any kind of window pop up - not even a blank one. There’s a few ways to do this, but my current favorite is to wrap it in C#. Thanks Mark Kraus for this tip!
With this post, I’ve got a new post up on this blog every Wednesday morning for a year. I’m pretty proud of that! There are certainly more prolific bloggers out there, especially in this space, but for me, this is quite the accomplishment. This is weekly consecutive blog post number 53.
If you’ve written at least a couple of advanced PowerShell functions, you’re probably no stranger to parameter validation. These are the attributes you attach to parameters to make sure that they match a certain regular expression using [ValidatePattern()], or that when they are plugged into a certain script, that it evaluates to true using [ValidateScript({})]. You’ve probably also used [ValidateRange()] to make sure a number falls between a min and a max value that you specified.
Regular visitors of this blog are used to seeing PowerShell and DevOps content, and this is a little bit of a divergence since it’s written in C#, and it’s a .NET Core MVC Azure Web App, but if it found itself on my plate, maybe it will find itself on yours. I was tasked with writing an Azure Web App that users would visit, sign into using their Azure Active Directory (ie: “Work or School”) account, to test if their Conditional Access and MFA was configured properly. Once logged in, a little information about the user is displayed.
How’s this for a niche topic? If you want to move to Azure AD P2 Conditional Access and have users who are on P1 MFA, then in order to move them over, you have to disable and re-enable MFA on their account - or at least that’s what one PFE told me. The problem is, when you do that, you lose their options like if they prefer to enter a code from the app, receive a text, etc. by default. Wouldn’t it be nice if you could keep that stuff?
I had the pleasure of presenting a session at the PowerShell and DevOps Global Summit in Bellevue in April 2018 and the session recordings went live last week. My session was titled A Crash Course in Building Your Own PSScriptAnalyzer Rules and it’s a pretty fast 45 minutes. I’ve been getting lots of wonderful feedback on it, so if this is something you might be into, please give the recording a watch! It’s easier than you might think.
In full disclosure, this post contains information that a user experience expert might frown at. I’m not really sure, since I’m not a user experience expert. I do know a lot about PowerShell, however, and that’s really what this post is about.
If you’ve seen any of the recent talks from Microsoft employees and MVPs about PowerShell, it’s hard to miss that Visual Studio Code (VS Code/VSCode) is the new hot place to be writing your PowerShell code. VSCode with the PowerShell extension is the current Microsoft-recommended coding environment, whereas it used to be PowerShell ISE. ISE isn’t dead (there are lots of posts on that), it’s just considered to be complete, and all current development effort is focused on VSCode.
I’ve just got back from the PowerShell and DevOps Global Summit in Bellevue, WA where I had the great pleasure of attending tons of excellent sessions on a bunch of PowerShell and DevOps topics. The main tracks were all recorded (hopefully uploaded soon, will update with link) but the side sessions were not.
Sometimes, while you’re poking around in the console, you want to re-run the last command. Sure, you can hit the up arrow and enter, but PowerShell always gives you multiple ways to do things.
After the modest success of my last DevOps Story Time post on getting out of your own way, I feel like it’s time for another. This time, on the value of taking risks, and taking away a win even when you realize one of the risks you were afraid of.
Sometimes Write-Host gets a bad reputation. Lots of people will repeat inflammatory rhetoric that “Write-Host” kills puppies, and so on, but the only real problem with Write-Host is that people use it without knowing what it’s for. Write-Host is for writing to the console and only the console.
Did you know that PowerShell supports the usage of partial parameter names? This isn’t such a big deal since tab completion is a thing… and if you’re writing code, you want to use the full parameter name to provide clarity and readability… but sometimes this is handy. Whether it’s for code golf, or just noodling around in the console, you don’t have to specify the full name of a parameter, just enough for it to be unique.
Normally in PowerShell if you want to report progress on a long running task, you’d use a progress bar using the Write-Progress cmdlet. That’s definitely the right way to do this, but what if you wanted a different way… for some reason? In the PowerShell Slack (invite yourself: slack.poshcode.org), I recently answered this question: “I want to write out ‘There are 3 seconds remaining. There are 2 seconds remaining.’ etc. until there are no seconds remaining and then keep going, but I don’t want them all to appear on the different lines. I basically just want the number to update.”
Working with Azure resources can be a bit of an adventure sometimes. Say you want to update a tag on an Azure resource. Not remove it, but change its value. If you try to add a tag with the same name but different value, you’ll get an error that the tag already exists. Some of the ways you have available to get rid of a tag involve dropping all the other tags assigned to a resource. So, what do you do?
I’m very excited to share that my newest Pluralsight course was published over the weekend: Azure Automation: Diving Deeper. This builds on my first course, Getting Started with Azure Automation.
First and foremost, HTML is not regex friendly. You should not try to parse HTML in PowerShell, or using regular expressions unless you’ve lost some kind of bet or want to punish yourself for something. PowerShell has things like ConvertTo-HTML that will make that kind of thing way less migraine inducing.
When you double click a file in Explorer.exe, it automatically opens in its default program if it has one associated with its type. But did you know you can do the same thing using PowerShell?
In PowerShell, there is usually at least a few ways to do most tasks and detecting if the last command resulted in an error or if it worked is no exception. You could wrap code in a try/catch block, but sometimes that’s overkill. Regardless of your reason for wanting to get the work/borked status of the last command, here are a couple simple ways of doing it.
Are you a user group leader or event organizer who’s looking for speakers? I’d love to connect. I do my best to keep my eye out for CFPs and other speaker solicitations, but it doesn’t hurt to advertise my availability. Most of the dates I’m available to travel for speaking events in 2018 are taken, but I still have a bunch of dates I’m available to do virtual and remote events.
There are a handful of different ways to create custom objects in PowerShell, including building one from a hash table. You might do something like this.
PS> $props = @{'prop1' = 1; 'prop2' = 2}
PS> $obj = New-Object -TypeName PSObject -Property $props
But then, just run $obj and see what you get. This is what I got.
PS> $obj
Starting now, I’m experimenting with new post formats on my blog. Instead of just technical posts describing code, I’m going to begin posting some more free-form articles. Like this one, where I’m going to share a story with you that has some moral relating back to IT.
In the PowerShell Slack, I recently answered a question along these lines. Say you have a string that reads “first thing {} second thing {}” and you want to get to “first thing {0} second thing {1}” so that you can use the -f operator to insert values into those spots. For instance…
"first thing {0} second thing {1}" -f $(get-date -format yyyy-MM-dd), $(get-random)
# Will return "first thing 2018-01-10 second thing <a random number>"
The question is: how can you replace the {}’s in the string to {<current number>}?
[regex]::replace($string, "{}", {"{$($i)}"; $i++})
[regex]::replace($string, "{}", {"{$($global:i)}"; $global:i++})
If you’re a frequent reader of my blog, you know that I mostly post about PowerShell, Microsoft related automation, and that sort of thing. In a previous life, however, I thought I wanted to make a career out of infosec - particularly penetration testing and red team type of stuff. I’m super happy with where my career went instead, but from time to time, I enjoy attempting to knock some of the rust off my ethical hacking/pentesting skills (what little of them there are), and trying my hand at some vulnerable by design boxes. Since it’s the holiday season, I decided to switch things up a little bit for the last couple blog posts.
If you’re a frequent reader of my blog, you know that I mostly post about PowerShell, Microsoft related automation, and that sort of thing. In a previous life, however, I thought I wanted to make a career out of infosec - particularly penetration testing and red team type of stuff. I’m super happy with where my career went instead, but from time to time, I enjoy attempting to knock some of the rust off my ethical hacking/pentesting skills (what little of them there are), and trying my hand at some vulnerable by design boxes. Since it’s the holiday season, I decided to switch things up a little bit for the next couple blog posts.
Working with strings in PowerShell is fun, I don’t care what you say. In this post, I’m going to show you how to clean up the strings your code outputs, at least in some situations.
If you’re just getting started in PowerShell, it’s possible that you haven’t bumped into this specific issue yet. Perhaps you’ve got a variable $users and you’re assigning it a value like this.
PS> $users = Get-ADUser -Filter "samaccountname -like '*thmsrynr'"
This will get all the users in your Active Directory whose username ends with “thmsrynr”.
If you’re just getting started in PowerShell, it’s possible that you haven’t bumped into this specific issue yet. Say you’ve got a variable named $user and this is how you assigned a value to it.
If you’ve used the Azure Resource Manager (AzureRM) PowerShell module much, you may have noticed it may sometimes behave strangely. In this post, I’m going to share one that had me stuck for longer than I care to admit…
Say you’ve got a hashtable with a bunch of data in it, but the key is not a string. How do you refer to specific items?
I have previously written about working with the ServiceNow API, and I’ve continued to use it since my last post on the topic. One of the things that I find myself doing a lot is using PowerShell to add a work note to an incident. Luckily, ServiceNow has an API that you can use to interact with it and do this (among many other things).
Registration for the PowerShell + DevOps Global Summit just opened today. This thing sells out every year so now is the time to start getting approval to attend if you need it, and buy a ticket.
As a best practice, as an administrator you should have separate accounts for your normal activities (emails, IM, normal stuff) and your administrative activities (resetting passwords, creating new mailboxes, etc.). It’s obviously best not to log into your normal workstation as your administrative user. You’re also absolutely not supposed to remote desktop into a domain controller (or another server) just to launch a PowerShell console, import the ActiveDirectory module, and run your commands. Here’s a better way.
Last week, I wrote a post on the difference between .split() and -split in PowerShell. This week, we’re going to keep splitting strings, but we’re going to try to retain the character that we’re splitting on. Whether you use .split() or -split, when you split a string, it takes that character and essentially turns it into the separation of the two items on either side of it. But, what if I want to keep that character instead of losing it to the split?
Here’s a question I see over and over and over again: “I have a string and I’m trying to split it on this part, but it’s jumbling it into a big mess. What’s going on?” Well, there’s splitting a string in PowerShell, and then there’s splitting a string in PowerShell. Confused? Let me explain.
In PowerShell, when outputting data to the console, it’s typically either organized into a table or a list. You can force output to take either of these forms using the Format-Table and the Format-List cmdlets, and people who write PowerShell cmdlets and modules can take special steps to make sure their output is formatted as they desire. But, when no developer has specifically asked for a formatted output (for example, by using a .format.ps1xml file to define how an object is formatted), how does PowerShell choose to display a table or a list?
Recently, I was helping someone in a forum who was trying to figure out what kind of object their command was returning. They knew about the standard cmdlets people suggest when you’re getting started (Get-Help, Get-Member, and Get-Command), but couldn’t figure out what was coming back from a specific command.
The Pester people don’t really recommend this, but, I find it can be really helpful sometimes. What I’m talking about is dynamically creating assertions inside of a Pester test using PowerShell. While I think you should strive to follow best practices, sometimes what’s best for you isn’t always a best practice, and as long as you know what you’re doing, I think you can get away with bending the rules sometimes. Don’t tell anyone I said that.
With Windows 10, you can install Bash on Windows. Cool, right? Having Bash on Windows goes a long way towards making Windows a more developer-friendly environment and opens a ton of doors. The one I’m going to show you today is more of a novelty than anything else, but maybe you’ll find something neat to do with it.
There’s a few ways to get all of the shared folders on a server, but not all of them work for all versions of Windows Server. You can use the Get-SmbShare cmdlet, or you can make CIM/WMI do the work for you. I’ll show you what I prefer, though.
ServiceNow is a cloud computing company whose software is used for IT Service Management based on ITIL standards. They’ve got a bunch of different modules for managing problems and incidents, operations management, performance analytics, and more. There’s also some custom development you can do to modify their solutions or build your own. It’s pretty flexible, and we use it where I work.
I try my best to make new technical posts on this blog every Wednesday morning. They vary in length, skill level, and sometimes even usefulness. Today I wanted to share that my first Pluralsight course was published last week: Getting Started with Azure Automation.
Here’s a way to see how many files are in a directory, using PowerShell.
Say you have a CSV file full of awesome, super great, amazing information. It’s perfect, except it’s missing a column. Luckily, you can use Select-Object along with the other CSV cmdlets to add a column.
I could write an entire book on “why does my PowerShell console take so long to load?” but I don’t want to write that book. Instead, here’s a way to make sure the reason your console is loading slowly isn’t because of something dumb.
The days of using ping.exe to see if a host is up or down are over. Your network probably shouldn’t allow ICMP to just fly around unaddressed, and your hosts probably shouldn’t return ICMP echo request (ping) messages either. So how do I know if a host is up or not?
It’s July at the time of this post, which means Christmas is right around the corner! Maybe not. How long is it until Christmas, anyway? Well, PowerShell can tell us if we get the date of Christmas and subtract today’s date from it.
Most of the time, a PowerShell cmdlet will return all the information you need to work with it later in the pipeline. Sometimes, though, there’s some assembly required. What I mean, is maybe the cmdlet returned the information you need, but not in the format you want, or you wish you had some property multiplied by some other property. Let’s explore.
There’s lots of fun things you can do with datetime objects in PowerShell, and using the Get-Date cmdlet. Here’s one of them.
Last week, I put out a post about using Select-Object to explore PowerShell objects. This week, I am going to quickly cover using Get-Member to do the same.
When you’re first getting started with PowerShell, you may not be aware that sometimes when you run a command to get data, the information returned to the screen is not ALL the information that the command actually returned.
Say you’ve got a function that takes three parameters: Username, ComputerName and SessionName, but you don’t want someone to use ComputerName and SessionName at once. You decide to put them in separate parameter sets. Awesome, except you want Username to be a part of both parameter sets and it doesn’t look like you can specify more than one.
Using PowerShell to manage your Microsoft cloud services like Exchange Online is awesome. Using multi-factor authentication (MFA) is also awesome. For some reason, using the two together is not awesome. Many of the Microsoft docs on this seem to suggest you just perform all your administrative tasks from a shell that you launch entirely separately from a normal PowerShell console. I would rather be able to connect to Exchange Online using MFA via PowerShell through a normal console, or as part of another tool. Let me show you how.
I’ve got a number of custom PSScriptAnalyzer rules that I sometimes run. A little while ago I uploaded them to GitHub to share with others. Today I’m going to walk you through the AvoidImproperlyCapitalizedFunctionNames rule I wrote.
Recently, I have found myself doing a lot of CLI PowerShell demos. Normally, I have a prompt that uses Joel Bennet’s PowerLine module and looks like this.
So, you’ve got a certificate stored in Azure Key Vault that you want to download with PowerShell and use on a computer, or some hosted service. How do you get it and actually use it? Well, here, I’ll show you.
If you work with the ActiveDirectory PowerShell module, you’ve probably used the -filter parameter to search for accounts or objects in Active Directory. You’ve probably wanted to use variables in those filters, too.
You can use the UserAccountControl property of an Active Directory user object to enable and disable all kinds of neat functionality: https://support.microsoft.com/en-ca/kb/305144. One of the things you can enable is for a user to have no password (bit in the 32 position).
Pardon the long title. I had a task recently to go through a big folder full of scripts written by random people with equally random skill levels. Lots of the scripts had a -Verbose parameter, but they weren’t all done correctly.
Yesterday, Microsoft’s Ed Wilson announced the Honorary Scripting Guys for 2016. I am honored and very proud to be the newest Honorary Scripting Guy, joining this year’s repeat winners: Sean Kearney, Teresa Wilson, and Will Anderson.
Can you tell in PowerShell if a string ends in a specific character, or if it starts in one? Of course you can. Regex to the rescue!
A little while ago, I fielded a question in the PowerShell Slack channel which was “How do I make sure a variable, which is an int, is of a certain length?”
For the PowerShell 10 Year Anniversary, Will Anderson (@GamerLivingWill on Twitter) and I (@MrThomasRayner on Twitter) ran a three-hole code golf competition on code-golf.com, a site developed by fellow MVP Adam Driscoll.
By default, Copy-Item will overwrite a file if it exists, unless that file is marked Read Only (in which case you can use the -Force switch to overwrite the file). What if you want to only copy the file if it doesn’t exist, though? What then?
Recently, I needed to get a list of all the security patches I’d installed on a group of servers in the last year. It turns out that there’s a WMI class for this and it’s super easy to retrieve this info.
Recently I was challenged by a coworker to use PowerShell to list all the fonts in a Word document. It turned out to be easier than I thought it would be… but also slower than I thought it would be. Here’s what I came up with.
In the PowerShell Slack channel (powershell.slack.com) a question came up along the lines of “I have a script that needs to pass a datetime object, but sometimes I’d like that datetime object to be null”. Never mind that maybe the script could be re-architected. Let’s solve this problem.
I recently found myself poking around in PowerShell and going “oh, good now I want to copy and paste that output into an email/dialog box/tweet/notepad/another script/complaint box” and either trying to copy and paste it out of PowerShell or hitting the up arrow and piping whatever the last command was into Set-Clipboard. What a hassle.
If you’ve got a value like the following…
A little while ago, I fielded a question in the PowerShell Slack channel which was “How do I send an email automatically whenever a change is made to a specific file?”
If you don’t know what Pester is, it’s a framework for running unit tests and validating PowerShell code. Also, it’s awesome. In May I finally dipped my toe in the water with a pretty simple test for a REALLY simple function. I’m not going to go into a world of detail on how exactly all my Pester code works because there are tons of guides for that. What I’m going to do instead is provide a quick run down of what I came up with.
Here’s a bit of an obscure task. In Exchange you can configure the AcceptMessagesOnlyFromDLMembers attribute which does what it sounds like it does: it only allows the mail recipient to accept messages from members of specific distribution lists. The problem is, there’s no built in method for appending a distribution list (DL) to an existing list of DLs. If you set AcceptMessagesOnlyFromDLMembers equal to a value, it overwrites what was there before. So, I wrote a quick script to append a value instead of overwriting it. You’ll need a remote Exchange Management Shell and the AD management module for this.
If you have a modern version of Active Directory, you have the opportunity to enable the Active Directory Recycle Bin. Once enabled, you have a chance to recover a deleted item once it has been removed from Active Directory.
I recently had a need to add a bunch of random users to a specific OU in Active Directory to do some testing. I didn’t care what their names were, but, I wanted to be able to find all the users that belonged to each batch. Here’s the script I wrote to do this.
Today is my birthday and so I don’t feel like doing a whole ton of work. I do, however, feel like celebrating. Obviously that means singing Happy Birthday. That should be a pretty easy PowerShell task. In fact, it’s made even easier by the fact that fellow Microsoft MVP Trevor Sullivan already wrote and shared a script to do it. Here it is on the Microsoft Script Gallery: https://gallery.technet.microsoft.com/A-PowerShell-Happy-983c1253.
Here’s a super easy way to detect special characters in a string. Consider the following.
I’ve been continuing my quest to identify users who have large Exchange mailboxes. I wrote a function in my last post to find large Exchange mailboxes, but, I wanted to take this a step further and identify the large folders within user mailboxes that could stand to be cleaned out. For instance, maybe I want to find all the users who have a large Deleted Items folder or Sent Items or Calendar. You get the idea. It’s made to be run from a Remote Exchange Management Shell connection instead of by logging into an Exchange server via remote desktop and running such a shell manually. Remote administration is the future (just like my last post)!
In a quest to hunt down users with large mailboxes, I wrote the following PowerShell function. It’s made to be run from a Remote Exchange Management Shell connection instead of by logging into an Exchange server via remote desktop and running such a shell manually. Remote administration is the future!
I recently had the chance to work with Microsoft PFE, Mike MacGillivray, on an upgrade of some Windows Certificate Authorities and want to share the upgrade script with you. Here it is, without commentary. Details and explanation are currently forthcoming.
This is kind of a weird script tip but I bumped into a need for this kind of script so I thought I’d share it. In this post, I have a user and I want to get all the members of all the distribution lists that the user is a member of. That is to say, if the user is a member of DL1, DL2 and DL3 distribution lists, I want to get all the other members of all those distribution lists. You’re going to need a remote Exchange shell for this.
I had a need to repeatedly create random passwords of varying lengths. To satisfy this need, I wrote the following basic script.
If you’re reading this, it means that Windows Server 2016 Technical Preview 4 is released (currently available on MSDN) and one of the new features that’s available is Just Enough Administration (JEA)! Until now, you could use DSC to play with JEA but now it’s baked into Windows Server 2016.
Disclaimer: There are tons of different ransomware variants which behave in tons of different ways. This is an example of simulating just one of those behaviors - one that I’ve found to be common.
There are a bunch of overloads for Add-Printer and Add-PrinterPort to accommodate different kinds of printers and ports. I found it tough, however, to find real examples of how to use these cmdlets to add LPR printers and ports. Not TCP/IP, not TCPLPR, not local ports. I figured it out, though, and now here’s how I did it.
Before we get into this post, here’s a little required reading: http://blogs.technet.com/b/heyscriptingguy/archive/2015/06/20/weekend-scripter-understanding-quotation-marks-in-powershell.aspx
Here’s a quick PowerShell function I put together that you might like to use or pick pieces from. The point of the function is to take a list of usernames and a list of groups and tell you which users are members of which groups, including through nested group membership.
Last week, I had the distinct pleasure of speaking twice at MVPDays in Edmonton. I did two sessions. The first was titled “PowerShell 5.0 - A Brave New World” where Sean Kearney and I introduced the tip of the iceberg that is all the new stuff in PowerShell 5.0. The other session I did was on my own, titled “Going From PowerShell Newbie to PowerShell Ninja”. In the latter session, I promised to share some things today, and I’m here to deliver.
Trying something new. Here’s a quick script I threw together to satisfy a request along the lines of “tell me all the users who have access to this directory”. It’s easy to see all the groups that have access just by right-clicking a directory and going to the Security tab but it’s a pain to get all the users who belong to those groups – especially if there are nested groups (within nested groups, within nested groups). Hence, this script. In addition to the ActiveDirectory PowerShell module, you of course need to be able to read the ACL on the directory you are interested in so use your admin account.
If you haven’t heard, PowerShell.org is taking the lead on organizing the PowerShell Scripting Games. There’s a new format that involves monthly puzzles. Here’s their post on September’s puzzle: http://powershell.org/wp/2015/09/05/september-2015-scripting-games-puzzle/
Here’s a small function I put in my PowerShell profile to tell me how long it’s been since an AD user’s password was last changed. You do know how to change your PowerShell profile, don’t you? Just type the following in a PowerShell prompt.
You don’t log onto an Exchange server via RDP and open the Exchange Management Shell application when you want to do Exchange-PowerShell things, do you? You follow the steps in my Opening A Remote Exchange Management Shell post, right?
If you haven’t heard, PowerShell.org is taking the lead on organizing the PowerShell Scripting Games. There’s a new format that involves monthly puzzles. Here’s their post on August’s puzzle: http://powershell.org/wp/2015/08/01/august-2015-scripting-games-puzzle/
The title of this post is a bit funny. The answer is obviously “You can pop both folders open in Windows Explorer, right click, Properties and compare the security tab!” right? Well, you can, but what about folders that have a lot of complicated permissions? What if you want to compare 100 folders? I don’t know about you but I’m not opening 100 folders and comparing the permissions on them all manually. If only PowerShell could help us! Well it can.
When you use the Get-MessageTrackingLog cmdlet, by default, it only searches for messages/events on the server that you’re connected to (see my post on creating connections to Exchange). That’s not great in a multi-server environment. I want results from every server.
If you haven’t heard, PowerShell.org is taking the lead on organizing the PowerShell Scripting Games. There’s a new format that involves monthly puzzles. Here’s their post on July’s puzzle: http://powershell.org/wp/2015/07/04/2015-july-scripting-games-puzzle/
Don’t ask me why but I recently had a need to get a random line from a text file. There’s a small piece of strange behavior that I came across with the cmdlet I chose to use: Get-Random. Get-Random does what it sounds like. It’s commonly used for getting random numbers (see this post I wrote a while ago about a gotcha with this behavior) but you can also pass it an input object.
Here’s a quick one-liner that will remove all of the blank lines from a file.
Remember 2003? 2003 was a good year. Camera phones got popular, Xbox took off, and I was a 14 year old in 9th grade. 2003 was also, obviously, the year that Microsoft released Windows Server 2003. Are you still running it? You shouldn’t be, but I bet lots of you are. That should scare you because in less than six weeks from the time of this post, on July 14, 2015, Microsoft is ending support for Windows Server 2003. If you haven’t finished your Windows Server 2003 migration to newer operating systems (Windows Server 2012 R2 is an excellent choice), or worse - haven’t even started, you could face some very serious consequences. Let’s answer a few questions you might have about that.
Here’s a one-liner that will help you find all the mail enabled groups that a user is a member of. A little pre-requisite reading is this bit on group types to understand the difference between a security group and a distribution group: https://technet.microsoft.com/en-us/library/cc781446%28WS.10%29.aspx?f=255&MSPPError=-2147217396
Predictably, there are lots of new cmdlets coming in PowerShell/Windows Management Framework 5.0. Two of them that just came out in build 10105 are the Get-Clipboard and Set-Clipboard cmdlets. The help docs aren’t all written at the time I’m writing this post but I wanted to introduce them and highlight a couple neat use cases I immediately thought of.
It’s really easy to search your local certificate store using PowerShell. You simply run a command like this.
Do you ever worry about giving Domain Admin or other Active Directory privileges to people? I do, so I decided to protect some sensitive items in my AD from accidental deletion - or as I like to call it, protecting against finger slips.
I’ve got kind of a silly post this week. I often get a list of names in the format…
I just bumped into something silly that I know I’ll forget about in the future. Using the function in my PowerShell profile to open an Exchange Management shell, I ran the following command as part of a script.
In PowerShell, symbolic links (symlinks) appear pretty transparently when you’re simply navigating the file system. If you’re doing other work, though, like changing ACLs, bumping into symlinks can be a pain. Here’s how to tell if a directory in question is a symlink or not.
Let me be absolutely clear about this post. I do not in any way encourage or support people who wish to use the below information to circumvent the controls put in place by companies and administrators. This post is strictly for academic purposes and for the sake of sharing information.
As part of another PowerShell script I’m writing, I needed to get an array of all of the certificates issued in my Enterprise PKI environment by a specific Issuing Certificate Authority (CA) that are of a certain Certificate Template. That doesn’t sound like such a tall order. You can launch MMC.exe, add the Certification Authority module, browse the issued certificates and see for yourself the different issued certs and their template.
I use a few PowerShell scripts that end up triggering Service Management Automation (SMA) runbooks. Each time you want to use PowerShell to do that, you end up creating a one-time use SMA schedule. These one-time schedules are eventually cleaned up by SMA but they can clutter your view pretty well if you have a lot of them.
The PowerShell command Get-Random is kind of weird. Consider the following script:
Here’s a quick task: Get the WMI object win32_bios for a computer. Using PowerShell, that’s really easy. You just run Get-WMIObject win32_bios. Now what if you wanted all the extended properties of the object (not just the five that it normally returns) and ONLY to return the properties that actually have a value assigned?
What if you have an Exchange Online Protection (EOP) transport rule that isn’t behaving the way you thought it should? I’ve been the victim of some strange inconsistencies with EOP since they tried to migrate us from Forefront Online Protection for Exchange (FOPE) in March (actually summer) of last year.
There’s lots of big, exciting, non-bloggable things happening at work this week so here’s a very quick tip.
Here’s a function I stuck in my PowerShell profile. I found myself making lots of remote connections to my Exchange 2013 environment so I put together a quick function to create the connection for me. It’s far from perfect but it saves me time every single time I use it so check it out.
I recently ran into an issue that I think is actually pretty funny. It was time to renew the publicly trusted certificate that we install on our Exchange 2013 servers that gets tied to SMTP, OWA and some other IIS services like autodiscover. Since SHA-1 is on the road to deprecation, our cert vendor pushed pretty hard to get something with a hashing algorithm of SHA-2 (or SHA-256, it’s the same thing). Sounds reasonable, right?
The sad reality of using Service Management Automation is that it can be a little iffy in the stability department. That being so, I decided to put together an SMA runbook that would report on all the other SMA runbook failures of the last 24 hours. Yes, I realize the irony in using SMA to report on its own runbook failures. One must have faith in one’s infrastructure and this particular runbook.
Happy New Year’s Eve! Here’s a quick tip just before New Year’s.
I wanted to do some maintenance on my SMA runbook servers but couldn’t remember which jobs were going to run in the next 12 hours (if any). Luckily there’s a quick way of getting that information! This work assumes that you have the SMA tools installed and that you ran the below command or have it as part of your profile.
I don’t know about you but I hate dealing with systems that use UTC time. I have SMA runbooks that work with Exchange 2013, Exchange Online Protection and other services that annoyingly return results in UTC instead of my local timezone. I wrote an SMA runbook that can be called from other SMA runbooks to do the conversion for me.
For one reason or another, I found myself in a situation this week where I needed to print all the contents of a directory on an hourly basis. Not only did I need to print the contents, I needed the jobs to go to a specific printer, too.
Here’s a neat little PowerShell function you can throw into your scripts. Lots of times I want to specify a CSV or TXT or some other file in a script. It’s easy to do this:
$inputfile = read-host "Enter the path of the file"
$inputdata = get-content $inputfile
But that means you have to type the whole absolute or relative path to the file. What a pain. I know what you’re thinking… There must be a better way!
I was doing a little work that involved using PowerShell to get a list of printers from several remote print servers. I figured this would be a great job for WMI and I was right. The command I used, looked like this.
Let’s hypothetically say I have an old Windows Server 2003 Intermediate Certificate Authority. Let’s also hypothetically say that I already replaced my antiquated Windows Server 2003 PKI infrastructure with a Windows Server 2012 PKI infrastructure and I am only keeping the 2003 stuff around so it can publish a CRL and to run a monthly script that tells me which certs are going to expire within 60 days. It’s good to know which certs will expire within 60 days so you can remember to renew them or confirm that they don’t need renewal.
In Exchange, user mailboxes are stored in databases. You regularly back up these databases, don’t you? Good.
Everybody knows that the first post on a blog isn’t supposed to have any real content or be super helpful. Let’s just get it out of the way, then.