понедельник, 23 апреля 2018 г.

powershell + .net framework examples

Add-Type -AssemblyName 'System.Windows.Forms'
[windows.forms.messagebox]::show('body','title','OkCancel')
[Windows.Forms.Clipboard]::SetText("Hello world!")
[Windows.Forms.Clipboard]::GetText()

 Add-Type -AssemblyName 'System.Web'
[Web.HTTPUtility]::UrlEncode('http://google.com')
Автор: на Комментариев нет:

пятница, 20 апреля 2018 г.

Get local admins  (Local Administrators group list memebers)

function get-localadmins{
  [cmdletbinding()]
  Param(
  [string]$computerName
  )
  $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
  $list | %{$_.PartComponent} | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}

Автор: на Комментариев нет:

четверг, 19 апреля 2018 г.

Two sites on one http port. apache rewrite

<VirtualHost *:80>
    DocumentRoot "/var/www/html/mysite1/"
    ServerName mysite1.com
    ServerAlias *.mysite1.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^mysite1.com$ [NC]
    RewriteRule ^(.+)$ http://www.mysite1.com/$1 [R=301,L]
    ErrorLog /var/log/httpd/mysite1_error_log
    TransferLog /var/log/httpd/mysite1_access_log
</VirtualHost>

 <VirtualHost *:80>
    DocumentRoot "/var/www/html/mysite2/"
    ServerName mysite2.com
    ServerAlias *.mysite2.com
    ErrorLog /var/log/httpd/mysite2_error_log
    TransferLog /var/log/httpd/mysite2_access_log
</VirtualHost>

Автор: на Комментариев нет:

пятница, 13 апреля 2018 г.

ip ip4 and subnet regexp patterns for python

patternIPv4 = re.compile(r"^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$")
patternIPv4Subnet = re.compile(r"^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])/(\d|1\d|2\d|3[0-2])$

Автор: на Комментариев нет:

среда, 11 апреля 2018 г.

powershell script to set permission for remote registry

 #set rights for read remote registry
#https://support.microsoft.com/ru-ru/help/314837/how-to-manage-remote-access-to-the-registry
#*netsh firewall set service RemoteAdmin  *required

 $login = "username@domain.win"

 $path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($($path), [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
$acl = $key.GetAccessControl()

 $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($($login),"ReadKey","Allow") 
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)

 https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-5.1

Enable-PSRemoting -SkipNetworkProfileCheck -Force
Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
=====================================================================

 with array of hosts:

 $psscript = {
 $login = "mylogin@mydomain.dom"

  $path = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg"
 $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($($path), [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
 $acl = $key.GetAccessControl()

  $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($($login),"ReadKey","Allow") 
 $acl.SetAccessRule($rule)
 $key.SetAccessControl($acl)
}

 foreach($pshost in $hostsresult)
{
 $ps = $null
 $ps = New-PSSession -Computername $($pshost.name) -EA SilentlyContinue
 if ($ps -eq $null){
   write-host "Not connected to $($pshost.name)"
   continue
   }
 Invoke-Command -Session $ps -ScriptBlock $psscript
 write-host "$($pshost.name) IS OK"
 Disconnect-PSSession $ps -EA SilentlyContinue | out-null
}



Автор: на Комментариев нет:
powershell scripts for gpo - info users logons

#by alex
#powershell script for write logon info

 $domainname = (Get-WmiObject Win32_ComputerSystem).Domain
$dirtowrite = "\\fileservername\log$"
$log = $dirtowrite + "\-worklog.log" 
$logfile = $dirtowrite + "\-worklog.log"

 function log([string]$txt)
{
 add-content $LOGFILE $txt 
}

 $clienthostinfo = ""

 function mainproc()
{
#if terminal server role installed, get client name too
if((gwmi -namespace root\cimv2\terminalservices -class win32_terminalservicesetting).TerminalServerMode -eq 1){
  Import-Module PSTerminalServices
  $clienthostinfo = "from:"+(Get-TSSession -Filter {$_.Username -like [Environment]::Username} | Select-Object ClientName).ClientName}

 "Logon event at " + $(Get-Date -UFormat "%d-%m-%Y %T") + " for $env:Username on $env:Computername" + " $clienthostinfo" | Out-file -Append -FilePath $("$dirtowrite\$env:Computername-AT-$env:Username@$domainname.log")
}#endof mainproc

 try{
 mainproc
 $retcode = 0}
catch{
   $ErrorMessage = $_.Exception.Message
   $invocation = $PSItem.InvocationInfo
   log("Exception detected!`nError message:$ErrorMessage")
   log("invocation:`n$invocation")
   $retcode = -1
}

 return $retcode
Автор: на Комментариев нет:

воскресенье, 8 апреля 2018 г.

zip/unzip with powershell example

[Reflection.Assembly]::LoadWithPartialName( "System.IO.Compression.FileSystem" )
[system.io.compression.zipfile]::CreateFromDirectory("c:\temp", "s:\temp\test.zip")
[system.io.compression.zipfile]::ExtractToDirectory("s:\temp\test.zip","s:\temp")

more about [system.io.compression.zipfile] class:MSDN Developer Network
Автор: на Комментариев нет:

среда, 4 апреля 2018 г.

powershell script for write info for user by gpo

 when user logon, script will associate user and site where user
 initiated logon by ip of user host and set some information about host (write it for AD fields USER.physicalDeliveryOfficeName and USER.info)

 use with gpo:
logon script - powershell scenario with parameters "-Nologo -WindowStyle Hidden -Noninteractive -Noprofile -ExecutionPolicy Unrestricted"

script:
#by alex

 #script for assotiate user for site by ip

 $LOGFILE=$env:Temp+'\ololo-set-physicalDeliveryOfficeName.log'

 #в массиве из массивов должно быть минимум 2 элемента, не убирать @("0.0.0.0","0.0.0.0")
$global:networks = @{}
$networks.add('Main',@(@("100.70.0.1","100.70.0.254"),@("100.70.1.1","100.70.1.254")))
$networks.add('Site2',@(@("192.168.3.1","192.168.3.254"),@("0.0.0.0","0.0.0.0")))
$networks.add('Site3',@(@("192.168.99.1","192.168.99.254"),@("192.168.100.1","192.168.100.254")))

 $global:sites = @{}
$sites.add('Main','Главный офис компании ООО "ОЛОЛО"')
$sites.add('Site2','Офис в городе Майами')
$sites.add('Site3','Офис в городе Сызрань')

 $global:mysitename=''
$global:myips = @((gwmi Win32_NetworkAdapterConfiguration|?{$_.IPAddress})|%{$_.IPAddress -notlike "*::*"})
$global:myip = ''

 function log([string]$txt)
{
 add-content $LOGFILE $txt 
}

 function getmynetworkname{
global:networks.Keys=$([string]::Join(',',@($global:networks.Keys)))")
  foreach($ip in $global:myips){
   foreach($key in $global:networks.Keys){
     $netbymyip=$ip.split('.')[0]+'.'+$ip.split('.')[1]+'.'+$ip.split('.')[2]
      foreach($arr in $global:networks[$key]){
       $netbyarrip=$arr[0].split('.')[0]+'.'+$arr[0].split('.')[1]+'.'+$arr[0].split('.')[2]
       if($netbyarrip -eq $netbymyip){
        if(([int]$ip.split('.')[3] -ge [int]$arr[0].split('.')[3]) -and ([int]$ip.split('.')[3] -le [int]$arr[1].split('.')[3])){
         $global:myip = $ip
         return $key}
       }
     }
    }
   }#top foreach
 return ""
}

 function mainproc
{
 $now = Get-Date -UFormat "%d-%m-%Y %T"
 $retcode = 1
#выход если это терминальный сервер
#exit when terminal session
 if((gwmi -namespace root\cimv2\terminalservices -class win32_terminalservicesetting).TerminalServerMode -eq 1){
  return $retcode 
 }
 $mynetname = getmynetworkname
 if($mynetname -eq ""){
  $message = "Error! No name for network"
  throw $message
  retun -1
 }

  $global:mysitename = $global:sites[$mynetname]
 $searcher = [adsisearcher]"(samaccountname=$env:USERNAME)"
 $user = [adsi]$searcher.FindAll()[0].Properties.adspath[0]
 $objUser = [adsi]("LDAP://"+$env:LOGONSERVER.trim('\')+":389/"+$user.distinguishedName)
 $operatingsysteminfo = Get-WmiObject Win32_OperatingSystem
 $os = (($operatingsysteminfo).Name).Split('|')[0]
 $arch = $operatingsysteminfo.OSArchitecture
 $comp = Get-WmiObject Win32_Computersystem
 $ram = [string]([math]::Round([int64](($comp).TotalPhysicalMemory/1Gb)))+"Gb"
 $CompName = $comp.Name
 $CompManufacturer = 'Unknown'
 $CompModel = 'Unknown'
 if($comp.Manufacturer -ne "System manufacturer"){
 $CompManufacturer = $comp.Manufacturer}
 if($comp.Model -ne "System manufacturer"){
 $CompModel = $comp.Model}
 $objUser.Put("Info","Last logon info:`r`n$now`r`n$CompName`r`n$CompManufacturer   $CompModel`r`nRAM:$ram`r`nOS:$arch $os")
 if($global:mysitename -ne $user.physicalDeliveryOfficeName)
 {
  $objUser.Put("physicalDeliveryOfficeName", $global:mysitename)
  $retcode = 0
 }
 $objUser.SetInfo()
 return $retcode
}#end of mainproc

try{
 $retvalue = mainproc
}
catch{
   $ErrorMessage = $_.Exception.Message
   $invocation = $PSItem.InvocationInfo
   log("Exception detected!`nError message:$ErrorMessage")
   log("invocation:`n$invocation")
   return -1
}
finally{
 if($retvalue -eq 0){
  log("AD attribute physicalDeliveryOfficeName set to $global:mysitename for host $global:myip for user $env:USERNAME at $(Get-Date)")
  }
}
===================================================
another example
$root = [adsi]""
$rootdn = $root.distinguishedName

 $userinput = $args[0]
$groupobj = get-group $userinput
$groupdn = $groupobj.DistinguishedName

 # Bind to Group object

 $group = [adsi]"LDAP://$groupdn"

$group.put("hideDLMembership", "TRUE" )

$group.setinfo()
Автор: на Комментариев нет:
Подписаться на: Сообщения (Atom)