Param() Tricks

One of the new features of PowerShell v5 is support for creating hard links, symbolic links and junctions. This is long overdue, and much appreciated. Before, I’d been forced to the workaround of using “cmd /c mklink” to create links, and I’m always glad to find a way to get rid of any vestige of cmd. Plus, having it as a part of PowerShell gives me way more flexibility in creating scripts.

 

As I was looking at some of my existing scripts, it occurred to me that I should be taking advantage of hard links in more scripts. I already use hard links for my various RDP connects, using a long switch statement. (I’ll write that up one of these days, it’s actually pretty cool.) But what caught my eye today was the script I wrote to create virtual machines for my labs — New-myVM.ps1. I have a –Client parameter to the script that is a Boolean, defaulted to $False:

[CmdletBinding()]
Param([Parameter(Mandatory = $True,Position = 0)]
      [alias("Name")]
      [string]
      $VmName,
      [Parameter(Mandatory=$False)]
      [Boolean]
      $Client=$False
      )

Which is OK, but it occurred to me that I could do better. So, first, I created a new, hard-linked file with:

New-Item -Type HardLink -Name New-myClientVM.ps1 -Path . -Value .\New-myVM.ps1

Now I have one file with two names. Cool. So, let’s take that a step further. I can tell which version of it I called from the command line by taking advantage of the automatic PowerShell variable $myInvocation:

$myInvocation.mycommand.name

This returns the filename (“.name”) of the command (“.mycommand”) that was executed ($myInvocation). So now, I can use:

$client =  ($myInvocation.mycommand.name -match "client")

I put that near the top of the script, and now I could branch depending on whether I was creating a server VM or a client VM. Which was definitely better, but still left me thinking it could be improved.

 

So, how about making the whole thing a lot cleaner by getting rid of that extra line? After all, I’m creating a variable and defaulting its value to $false, but why not default its value more intelligently, controlled by which file I executed to create the VM? I can still override it with the parameter (so no scripts that call this script will break), but now, I can set it automatically without using a parameter at all.

[CmdletBinding()]
Param([Parameter(Mandatory = $True,Position = 0)]
      [alias("Name")]
      [string]
      $VmName,
      [Parameter(Mandatory=$False)]
      [Boolean]
      $Client=($myInvocation.myCommand.Name -match "Client")
      )

Now that pleases me. It feels “cleaner”, it’s clear what I’m doing, and it doesn’t take any longer to evaluate than it would as a standalone line.
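The pattern end to end, as an added example that is not part of the original post: it builds a throwaway script and a hard link to it in a temp folder, runs the script under both names, and then passes -Client explicitly to show that the parameter still overrides the name-based default. The Demo-VM.ps1 and Demo-ClientVM.ps1 file names and the VM names are hypothetical.

```powershell
# Added example, not the author's script. File and VM names are hypothetical.
$dir = Join-Path ([IO.Path]::GetTempPath()) ("paramdemo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$serverScript = Join-Path $dir 'Demo-VM.ps1'
$clientScript = Join-Path $dir 'Demo-ClientVM.ps1'

# Script body: the same Param() default as in the post, plus a report of
# what the script saw. -match is a case-insensitive substring test, so any
# file name containing "client" flips the default to $True.
@'
[CmdletBinding()]
Param([Parameter(Mandatory = $True, Position = 0)]
      [alias("Name")]
      [string]
      $VmName,
      [Parameter(Mandatory = $False)]
      [Boolean]
      $Client = ($MyInvocation.MyCommand.Name -match "Client")
      )
[pscustomobject]@{
    InvokedAs      = $MyInvocation.MyCommand.Name
    VmName         = $VmName
    Client         = $Client
    ClientExplicit = $PSBoundParameters.ContainsKey('Client')
}
'@ | Set-Content -Path $serverScript

# Second directory entry for the same file. -Value names the existing file.
New-Item -ItemType HardLink -Path $clientScript -Value $serverScript | Out-Null

# Same file content, three invocations: default by name twice, then an
# explicit -Client that takes precedence over the name-based default.
$results = @(
    & $serverScript -VmName srv01
    & $clientScript -VmName wks01
    & $clientScript -VmName srv02 -Client $False
)
$results | Format-Table -AutoSize

Remove-Item -Recurse -Force $dir
```

The ClientExplicit column separates a value that came from the caller from one that was derived from the file name, which is useful when a wrapper script needs to log why a VM was built as a client.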

OpenSSL Releases Security Updates

Original release date: September 23, 2016

OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • OpenSSL 1.1.0a for 1.1.0 users
  • OpenSSL 1.0.2i for 1.0.2 users
  • OpenSSL 1.0.1u for 1.0.1 users

Want to see ransomware in action?

This is an analysis of an email that I got….

Check it out here: https://www.reverse.it/sample/0adc7a9b3173d6db061d1c354864cecd9e43bd2b8cc25f977783921448349e95?environmentId=100#

Or a shorter link to it is here:

http://tinyurl.com/igniteransomware

Packing the geek stuff

Getting ready to get on a plane tomorrow for Atlanta.  Philip Elder is heading there as well and I’m looking forward to getting his SMB and cluster views first hand.

By the way have you seen the upcoming SMB virtual sessions with the new technology heading our way?

SMB Tech Jumpstart: Hybrid Identity:
https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x645146868f

Date: Oct 03, 2016  |  Time: 10:00 AM – 11:00 AM  |  Location: Skype Meeting

SMB Tech Jumpstart: Hybrid Identity

Are you interested in EMS and Azure, but you aren’t sure where to start? Do you feel like you don’t quite know the technologies you’re selling? Maybe you just don’t know where to begin to understand all of the Microsoft tools?

 

Our new SMB JumpStart: Hybrid Identity program kicks off on October 3rd, and you won’t want to miss this great opportunity designed to help your team comprehend, adopt, and deploy Microsoft Technologies to expand your business opportunities.

This four-week program includes weekly webinars focused on a new aspect of the chosen technology, as well as hands-on independent learning assignments and Office Hours sessions, to help ensure engagement and individual comprehension. If you have additional questions, there will be a members-only Yammer group where you can consult technical experts. At the end of the series, you will be your company’s Identity technical champion, ready to identify, pitch, and implement new customer services.

Benefits to you:

In this 4-week program on Hybrid Identity, you’ll receive step-by-step guidance and resources each week on the following topics:

  • Choosing a Champion and Activating Your Internal Use Rights
  • Connecting your On Premises Active Directory with Office 365 and Azure
  • Using Multi-Factor Authentication and Single Sign-on for other Software as a Service solutions
  • Custom Portal Branding, Password Writeback, and other enhanced Azure Active Directory Premium benefits

Who should participate: This program is best-suited for companies who are ready to commit to starting an EMS or Azure practice today. We recommend your company’s Office 365 technical lead attend the sessions.

 

Ready to get started?

The program kicks off on Monday, October 3rd.

Register for the program and you will receive access to the webinars, private Yammer group, and resources webpage.

 

Webinar (10-11am PST)    Office Hours (10-11am PST)
October 3                October 7
October 10               October 14
October 17               October 21
October 24               October 28

How to Automatically Create System Restore Point at Startup in Windows 10

System Restore uses a feature called system protection that regularly creates and saves information about your PC’s drivers, programs, registry, system files, and settings as restore points.

Windows automatically creates restore points just before significant system events, such as the installation of desktop apps and new Windows Updates, if no other restore points were created in the previous seven days. You can also create restore points manually at any time.

This tutorial will show you how to create an elevated task to automatically create a system restore point at startup in Windows 10.

Read more…

October Windows Rollup won’t include

We were all told that, starting with the October Patch Tuesday, all updates and patches for Windows 7 and 8.1 would be included in a single “Rollup” update. Needless to say, most of us are not happy. Any problem with an update will require uninstalling THE ENTIRE ROLLUP!

Well, turns out that that’s not entirely true. Looks like Internet Explorer updates will be released separately.

Microsoft won’t bundle IE patches with new cumulative updates for Windows 7 and 8.1 (19 Sept-16)

Mozilla updates Firefox to 49.0.1 and Firefox ESR to 45.4

Firefox

Firefox ESR

How to Enable or Disable File History in Windows 10

File History was first introduced in Windows 8, and has been improved in Windows 10.

You can use File History to automatically back up versions of your files on a schedule to a location you select to save to. You can select to save backups to an internal hard drive, externally connected drive (ex: USB drive), or you can save to a drive on a network. You can add, remove, and exclude folders to be backed up by File History.

Over time, you’ll have a complete history of your files. If the originals are lost, damaged, or deleted, you can restore them. You can also browse and restore different versions of your files.

This tutorial will show you how to enable or disable File History for all users in Windows 10.

Read more…

Sorting String Vectors Benchmark: ATL vs. STL vs. Raw Pointers

Another string benchmark, comparing sorting times of string vectors.

Conclusions

  • In 32-bit builds, ATL’s CStringW performs slightly better.

  • In 64-bit builds, STL’s wstring performs slightly better.

  • With small strings, STL’s wstring performs much better than ATL, thanks to the Small String Optimization (SSO).

  • Raw wchar_t pointers show best performance.

How to Turn On or Off Email for Account in Mail app in Windows 10

Windows 10 comes with a new Mail app. The new Mail app brings improved performance and a familiar three-pane email UI, with a toggle to quickly move between your email and calendar. Mail includes customizable Swipe Gestures, letting you swipe right or left to take actions like delete, flag, move or mark as read/unread. Also check out the new email authoring experience. Mail leverages the familiar and rich capability of Word that allows you to easily insert tables, add pictures, and use bullets and color in your text. The new Mail app supports Office 365, Exchange, Outlook.com, Gmail, IMAP, POP and other popular accounts.

If you don’t want to continue to receive email from a particular account in the Mail app for Windows 10, you can either delete the account and remove it from the app, or you can turn off email for that account. Deleting or removing an account from either app will also remove any calendar associated with that account. Turning off email for an account will only temporarily remove the account from the app until email is turned back on for the account.

This tutorial will show you how to turn email on or off for an account in the Mail app for your account in Windows 10.

Read more…

Firefox 49.0.1 Released: September 23, 2016

Version 49.0.1, first offered to Release channel users on September 23, 2016

We’d also like to extend a special thank you to all of the new Mozillians who contributed to this release of Firefox!

Fixed

  • Mitigate a startup crash issue caused by Websense (Windows only) (Bug 1304783)

September 2016–DSC Resource updates

Two new modules of DSC resources are available:

OfficeOnlineServerDsc

SystemLocaleDsc

 

A number of updates to existing resources have been made available.

 

Details from https://blogs.msdn.microsoft.com/powershell/2016/09/21/dsc-resource-kit-september-release/

Yahoo! breach reaches 500 Million!

Possibly the worst one yet (that’s if anyone still uses Yahoo!)… Couldn’t happen at a worse time. Could torpedo the sale.

Change your password! Yahoo confirms data breach of 500 million accounts

Removal instructions for MediaPlayAir

What is MediaPlayAir?

The Malwarebytes research team has determined that MediaPlayAir is adware. These adware applications display advertisements not originating from the sites you are browsing.

https://forums.malwarebytes.org/topic/188663-removal-instructions-for-mediaplayair/

The Regression of Flat UIs

Beauty is in the eye of the beholder, and I wholeheartedly prefer “classic” nice 3D colorful rich user interfaces to those “modern” flat bland UIs.

In other words, those “modern” flat UIs are a regression to me.

Just consider how nice Visual Studio 2010’s UI is compared to Visual Studio 2015’s (you can click the screenshots to see them in full size):

Visual Studio 2010 and Windows 7 UI Style

Visual Studio 2015 Flat UI Style

Also Windows 7 icons (from the previous VS2010 screenshot) look much better to me than those dumbed-down bland icons of Windows 10:

Windows 10 Flat Icons

Don’t get me wrong: there are important improvements under the hood in Windows 10, and the Visual Studio 2015’s C++ compiler and standard libraries are better than those that ship with Visual Studio 2010, but this more recent UI look seems a regression to me.

To make everyone happy, why not just implement a UI style theme selector and provide both the “rich” and the “flat” styles, so that users can choose their favorite UI style?

 

How to Generate a Sleep Study Report in Windows 10

A Sleep Study report is a tool available on Windows 10 PCs that support the Modern Standby (S0 low power idle) sleep state.

A Sleep Study generates a report of connected standby (aka: “InstantGo” and “Modern Standby”) quality over the last three days on the system.

Sleep Study tells you how well the system slept and how much activity it experienced during that time. While in the sleep state, the system is still doing some work, albeit at a lower frequency. Because the resulting battery drain is not easily perceptible (you can’t see it draining), we built the Sleep Study tool in Windows 10 to allow you to track what is happening. We thought of simply using traditional logging to do this, but ironically, the logging itself would drain the battery. With this in mind, we designed the Sleep Study tool to minimize its own impact on battery life, while tracking the battery draining activities.

You can use Sleep Study to see which apps and devices are most active during a sleep session. Sleep Study reviews all the sleep sessions longer than 10 minutes and provides you with a report that color codes each session according to its power consumption. A session is defined as the period from Screen Off to Screen On. In cases when the system is plugged into AC power, the policies are less stringent than when on battery power. While the tool still tracks connected standby activity on AC power, it is more useful to identify unexpected drains on battery, or DC power.

To help you easily identify apps, devices and services with higher power consumption, these are highlighted in red or orange in the report, and represent opportunities to extend your battery life.

This tutorial will show you how to generate a Sleep Study report for Modern Standby quality in Windows 10.

Read more…

New Ransomware hits Australia & New Zealand

This one, Crysis, is particularly nasty.

Recovering from an infection is no easy task, the researchers found, as the attacks in Australia and New Zealand injected Trojans that redirected to connected devices, such as printers and routers. Thus, the bad actors can re-establish their connections to reinfect systems after the malware has been removed – a good reason, they said, not to pay ransoms.

Crysis ransomware now attacking businesses in Australia and New Zealand

Removal instructions for MyPC Backup

What is MyPC Backup?

The Malwarebytes research team has determined that MyPC Backup is nagware. This one typically gets bundled with other software or promoted heavily through dubious advertisers.
Once installed it keeps reminding the user to register the full version.

https://forums.malwarebytes.org/topic/188617-removal-instructions-for-mypc-backup/

Remote Server Administration for Windows 2012 R2


Prologue

Ace here again. This discusses remote administration. Simple, right? Maybe not!

Remote Server Administration for Windows 2012 R2

Server Manager in Windows Server® 2012 R2 can be used to perform various management tasks on remote servers. By default, remote management is enabled on Windows Server 2012 R2. You can add remote servers to the Server Manager Server pool in Windows Server 2012 R2 Server Manager.

Objectives

Discuss the following remote admin methods:

  • What is Remote Management?
  • How to Enable and Disable Remote Management
  • Remote Management and Tools Commands
  • Server Manager
  • WinRM
  • PowerShell Remoting
  • Remote Desktop
  • Remote Server Administration Tools (RSAT)
  • SCONFIG

What is Remote Management?

Windows Server 2012 R2 provides the ability to remotely manage multiple servers with a number of methods. One of the newest features in Windows Server 2012 is the ability to use Server Manager for this task.

In addition to Windows Remote Management, you can also use Remote Shell and Remote Windows PowerShell to manage remote computers. This lets you load Windows PowerShell modules, such as Server Manager, locally and execute the PowerShell cmdlets available in the loaded module on remote servers, so you can run PowerShell commands and scripts remotely. This works even when the script exists only on the local server.

Windows Remote Management (WinRM) is the Windows implementation of WS-Management, which is an industry-standard, Web services-based protocol. Windows runs WinRM as a service under the same name, WinRM. WinRM provides secure local and remote communications for management applications and scripts.

In addition, Windows Remote Management is one of the components of the Windows Hardware Management features to allow secure local and remote Windows Server management across a firewall using standard Web service-based protocols.

If the server hardware has an optional, built-in Baseboard Management Controller (BMC) provided by the hardware vendor, you can also remotely manage a system even if the Windows operating system has not yet booted or has failed. This also allows access to the server’s BIOS.

A BMC is an option provided by hardware vendors that consists of a microcontroller and an independent network connection that you can communicate with if the server ever goes offline.

When a server is not connected to a BMC, WinRM can still be used to connect to WMI remotely in situations where firewalls may block DCOM communications, because WinRM uses the secure web-based port, TCP 443.

Additional Reading on WinRM:

About Windows Remote Management
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384291(v=vs.85).aspx

Hardware Management Introduction (includes BMC information)
http://technet.microsoft.com/en-us/library/f550cac0-5344-41cb-8e89-6e5c93236886

How to Enable and Disable Remote Management

There are a number of methods to administer WinRM.

  • Winrm.cmd – Command line tool that allows administrators to configure WinRM, get data, or manage resources. For syntax, you can run winrm /? for online help.

  • WinRM Scripting API – Allows you to create remote administration scripts that expose the WS-Management APIs and protocols.

  • Winrs.exe – A command line tool to execute CMD commands on remote servers using WS-Management APIs. For example, to remotely get an ipconfig /all from a remote machine, you can run:
    winrs -r:DC12.trimagna.com "ipconfig /all";tasklist

    You can also use the help command to see all possible options and syntax:
    winrs -?

  • IPMI and WMI Providers – The IPMI provider and drivers allow remote hardware management using BMC. These can be used programmatically.

  • WMI Service – Using the WMI plug-in, WMI runs together with WinRM to provide data or control functions for remote management.

  • WS-Management protocol – SOAP based protocol using XML messages. It is a web-based, firewall friendly protocol running across secure TCP 443 providing industry-standard interoperability to transfer and exchange management information.

Remote Management Tools and Commands

There are a number of ways to enable, disable and configure Remote Management.

Server Manager

To enable or disable Remote Management, in the Server Manager Local Server node, click the text next to the Remote Management icon.

WinRM Command

You can use the WinRM command to enable, disable, and configure Remote Management.

The syntax is:

WinRM OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] …] [@{KEY=VALUE [;KEY=VALUE]…}]

You can use the following to check the current Remote Management configuration and status:
winrm get winrm/config

Or you can run it remotely on another server using the WinRS command:
winrs -r:DC12-1.trimagna.com "winrm get winrm/config";tasklist

To enable or disable Remote Management:
winrm qc

When the WinRM qc command is run, it performs a number of steps to enable and configure the Remote Management service:

  1. Configures and changes the WinRM service from Manual to Automatic startup.
  2. Starts the WinRM service.
  3. Creates and configures a listener that will accept WinRM requests on any IP address.
  4. Creates a Windows Firewall exception for WS-Management traffic for the HTTP protocol.
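
A way to review what those steps leave behind, as an added example that is not from the original article: Test-WinRMListener is a hypothetical helper that reports each listener's transport, port and binding as read from the WinRM configuration itself. The fallback listener records are constructed so the block also runs on a machine where WinRM is not configured.

```powershell
# Added example, not from the original article. Test-WinRMListener is a
# hypothetical helper name; the fallback listener records are constructed.
function Test-WinRMListener {
    [CmdletBinding()]
    Param([Parameter(Mandatory = $True)]
          [AllowEmptyCollection()]
          [object[]]
          $Listener
          )
    foreach ($l in $Listener) {
        $notes = @()
        if ("$($l.Enabled)" -ne 'true') {
            $notes += 'defined but not enabled'
        }
        if ("$($l.Address)" -eq '*') {
            $notes += 'accepts requests on every IP address of the host'
        }
        if ("$($l.Transport)" -eq 'HTTP') {
            $notes += 'no TLS; payload protection depends on AllowUnencrypted staying false'
        }
        [pscustomobject]@{
            Transport = "$($l.Transport)"
            Port      = "$($l.Port)"
            Address   = "$($l.Address)"
            Notes     = $notes -join '; '
        }
    }
}

try {
    # Live data: needs the WinRM service running on the machine being checked.
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction Stop)
    $service = [pscustomobject]@{
        Source           = 'live configuration'
        AllowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted -ErrorAction Stop).Value
        BasicAuth        = (Get-Item WSMan:\localhost\Service\Auth\Basic -ErrorAction Stop).Value
    }
}
catch {
    # Constructed sample: an HTTP listener of the kind quickconfig creates
    # (5985 is the default HTTP port on WinRM 2.0 and later) and an HTTPS
    # listener bound to a single documentation-range address.
    $listeners = @(
        [pscustomobject]@{ Transport = 'HTTP';  Port = '5985'; Address = '*';             Enabled = 'true' }
        [pscustomobject]@{ Transport = 'HTTPS'; Port = '5986'; Address = 'IP:192.0.2.10'; Enabled = 'true' }
    )
    $service = [pscustomobject]@{
        Source           = 'constructed sample'
        AllowUnencrypted = 'false'
        BasicAuth        = 'false'
    }
}

Test-WinRMListener -Listener $listeners | Format-Table -AutoSize -Wrap
$service | Format-List
```

Run it from an elevated prompt on the server being reviewed; a listener bound to * over HTTP is the state to compare against the Windows Firewall exception's allowed remote addresses.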

If the Windows Firewall is disabled, you will see one of the following error messages:

WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Unable to check the status of the firewall.

Error number: -2147023143 0x800706D9
There are no more endpoints available from the endpoint mapper.

To view the command syntax and options, you can run winrm -?

WinRM supports the following commands:

  • PUT
  • GET
  • ENUMERATION
  • INVOKE

WinRM Examples:

Start a service on a remote machine:
winrm invoke startservice wmicimv2/Win32_Service?name=w32time -r:DC12

Reboot a remote machine:
winrm invoke reboot wmicimv2/Win32_OperatingSystem -r:FS1

Additional Reading on the WinRM commands:

An Introduction to WinRM Basics – From the EPS Windows Server Performance Team
http://blogs.technet.com/b/askperf/archive/2010/09/24/an-introduction-to-winrm-basics.aspx


PowerShell Remoting

There are a number of cmdlets that use WMI for remote administration. These cmdlets open a temporary connection to the remote computer using WMI, run the command, then close the session.

These cmdlets do not use WS-Management based remoting, so the computer does not need to be configured for WS-Management, nor does it have to meet the system requirements for WS-Management. Because they are not WS-Management service related, you can use the ComputerName parameter in any of these cmdlets.

You can run the Invoke-Command cmdlet to run commands on other computers.

For example, to get a list of all services on a remote computer that are either running or stopped, you can run the following command:
Invoke-Command -ComputerName DC12 -ScriptBlock {Get-Service}

Or to see the status of a single service:
Invoke-Command -ComputerName DC12 -ScriptBlock {Get-Service WinRM}

Additional Reading on Remote PowerShell:

Windows PowerShell Remoting – Complete list of commands
http://msdn.microsoft.com/en-us/library/windows/desktop/ee706585(v=vs.85).aspx


Remote Server Administration Tools (RSAT) for Windows

Remote Server Administration Tools for Windows®  includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell® cmdlets and providers, and some command-line tools for managing roles and features that run on Windows Server 2012 R2.


SCONFIG

For Server Core, you can use the SCONFIG command and choose Option #4, then choose Option #1 to Enable Remote Management, or Option #2 to Disable Remote Management.


Additional Reading on WinRM tools

About Windows Remote Management
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384291(v=vs.85).aspx


Remote Desktop

Remote Desktop has been used for a number of years, and it is the most common method to remotely administer a remote machine. To use Remote Desktop, it must be enabled first on the remote computer. To enable Remote Desktop on the full version of Windows Server 2012, perform the following steps:

  1. Open Server Manager
  2. Click the Local Server Node
  3. Click the “Disabled” status next to Remote Desktop.
  4. The System Properties page appears and is focused on the Remote tab.
  5. Under the Remote tab, select one of the following:
     1. Don’t allow connections to this computer – Default disabled.
     2. Allow connections only from Computers running:
        1. Checkbox: Allow Remote Desktop with Network Level Authentication – If you check this box, this setting enables and only allows secure connections from Remote Desktop clients that support network-level authentication.


You can also enable Remote Desktop on Server Core using the SCONFIG command.

==================================================================

 

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP – Directory Services


Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

The Chinese Dictionary Loading Benchmark Revised

Available here on GitHub.

[…] All in all, I’d be happy with the optimization level reached in #2: Ditch C++ standard I/O streams and locale/codecvt in favor of memory-mapped files for reading files and MultiByteToWideChar Win32 API for UTF-8 to UTF-16 conversions, but just continue using the STL’s wstring (or CString) class!
