krypted.com

Tiny Deathstars of Foulness

Here ya’ go!

netsh advfirewall firewall add rule name=”KryptedWebhook” dir=in protocol=tcp localport=8443 profile=private remoteip=any action=allow

Wait, what’s that?!?! Let’s break down the options I used here:

  • advfirewall: Yup, it’s the new firewall.
  • firewall: Yup, it’s a firewall.
  • add: I’m adding a new rule. I also could have used delete along with the rule name and removed one. Or show to see one. Or set to augment one.
  • rule: It’s all about rules. Each rule allows for a port and/or an action.
  • name: Every rule needs a unique name. Namespace conflicts will result in errors. If programmatically creating rules, I’ve found it undesirable to use a counter and instead moved to using GUIDs and a hash table.
  • dir: The direction traffic is flowing. In is for incoming traffic or out would be to block outgoing traffic.
  • protocol: Use the protocol, typically tcp or ump, but if pings, might be one of the icmps.
  • localport: The port that is being used (there’s also a remoteport operator for reflections).
  • profile: I mostly use profile of private.
  • remoteip: Set to any but could be set to a given IP for increased security (yes, I know people can spoof these – so your version of the word might be different.
  • action: I used allow, but could have been block (which denies traffic) or bypass.

For further security, I might add a security operator, to allow for an authentication string. You can

You might also need to allow traffic for a given app. To do so, let’s add a rule that does so, the only option for which not mentioned above is program, which is the path to the binary we’re allowing:

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\kryptedscripts\kryptedcompiledwebapp.exe" enable=yes

To then see the rules and validate that your rules were indeed installed, use:

netsh advfirewall firewall show rule name=all

The reason I call this quick and dirty is that I’m really only covering a small subset of options. Additionally, it would be a bit more modern to do this via powershell using New-NetFirewallRule or one of the many, many other commandlets, such as Copy-NetFirewallRule, Enable-NetFirewallRule, Disable-NetFirewallRule, Get-NetFirewallAddressFilter, Get-NetFirewallApplicationFilter, Get-NetFirewallInterfaceFilter, Get-NetFirewallInterfaceTypeFilter, Get-NetFirewallPortFilter, Get-NetFirewallRule, Get-NetFirewallSecurityFilter, New-NetFirewallRule, Open-NetGPO (cause you can configure the firewall through a GPO), Remove-NetFirewallRule, Rename-NetFirewallRule, Save-NetGPO, Set-NetFirewallRule, Set-NetFirewallSetting, and Show-NetFirewallRule.

January 27th, 2017

Posted In: Windows Server, Windows XP

Tags: , ,

A number of environments need to disable the Notification Center and Action Center features in Windows 10. This can be done using the registry editor or using a Group Policy Object (GPO).

First let’s look at doing so with the registry. As with any mucking around with the registry, when editing, I strongly recommend backing up the registry and/or creating a restore point first. Once done, click Run, enter regedit and hit Enter to open the Registry Editor.

Next, right-click on the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer registry key and create a new DWORD (32-bit) key. Call the key DisableNotificationCenter and provide the number 1 as the value. Then quit the Registry Editor and restart. Notification Center and Action Center should then be disabled. Simply delete that key and reboot in order to go back.

If the Group Policy Editor is available, click Run and enter gpedit.msc. Then open the User Configuration, navigate to Administrative Templates, click on Start Menu and then choose Taskbar. Open Remove Notifications and Action Center, and move the Enabled option to Disable (if disabling of course). You can then run gpupdate or reboot to see the change.

January 2nd, 2017

Posted In: Windows Server, Windows XP

Tags: , ,

One of the easiest things to do in OS X is to remotely run an installation package using the installer command. You can do some similar tasks in Windows, although the commands aren’t quite as cut and dry. The Start-Process command can be used to kick off an executable. Here, we will kick off the msiexec.exe and feed it an argument, which is the msi file to install silently. We’ll then wait for it to complete:

{Start-Process -FilePath "msiexec.exe" -ArgumentList "/i TEST.msi /qb" -Wait -Passthru}

August 19th, 2015

Posted In: Windows Server, Windows XP

Tags: , , , , ,

In Windows 10, Microsoft has finally baked a package manager called OneGet into Windows. It works similarly to apt-get and other package managers that have been around for decades in the Linux world; just works in PowerShell, rather than bash. So let’s take a quick peak. First, import it as a module from a PowerShell prompt:

Import-Module -Name OneGet

Next, use Get-Command to see the options for the OneGet Module:

Get-Command -Module OneGet

This will show you the following options:

Find-Package
Get-Package
Get-PackageProvider
Get-PackageSource
Install-Package
Register-PackageSource
Save-Package
Set-PackageSource
Uninstall-Package
Unregister-PackageSource

Next, look at the repositories of package sources you have:

Get-PackageSource

You can then add a repo to look at, using Register-PackageSource. Or, we’ll just fire away at locating our first package, Acrobat:

Find-Package -Name AdobeReader

Or you could pipe that output to the Install-Package option:

Find-Package -Name AdobeReader | Install-Package

Or Firefox, verbosely:

Install-Package -Name Firefox -Verbose

Or ASP.NET MVC silently (using -Force):

Install-Package Microsoft.AspNet.Mvc -Force

In some cases, you can also use the -Version option to define a specific version, which is why I ended up writing this in the first place – swapping between versions of asp has been a bit of a pain since the introduction of its first update, it seems…
PowerShell logo

February 26th, 2015

Posted In: Windows Server, Windows XP

Tags: , , , , , , , , , , , , , ,

You can gracefully stop Windows processes using the Stop-Process command let. For example, to stop Chrome:

Stop-Process -Name Chrome

Or to stop it by ID. To locate the ID of a process, use get-process:

get-process Chrome

You can then use the -ID operator to stop the process:

Stop-Process -ID 6969

Kill is a command that all Mac and Unix admins know. It’s similar to Stop-Process, except it’s anything but graceful. And you use the -processname option to stop a process:

kill -processname calc

January 12th, 2015

Posted In: Active Directory, Windows Server, Windows XP

Tags: , , , , , ,

There are 3 registry keys that admins in the Windows world use to enable automatic logins, often required for deployments that require a logged in user to setup user environments, such as configuring app deployments as part of a mass deployment.

The required keys in the registry are:
(more…)

December 8th, 2014

Posted In: Active Directory, Mass Deployment, Microsoft Exchange Server, VMware, Windows Server, Windows XP

You can get the currently logged in user from a powershell script by using
$env:username. But most deployment scripts use elevated privileges. Therefore, you need to be a tad bit craftier.

(more…)

December 7th, 2014

Posted In: Programming, Windows Server, Windows XP

A few people have hit me up about issues getting Windows machines to play nice with the SMB built into Yosemite Server and Windows. Basically, the authentication dialog keeps coming up even when a Mac can connect. So there are two potential issues that you might run into here. The first is that the authentication method is not supported. Here, you want to enable only the one(s) required. NTLMv2 should be enabled by default, so try ntlm:

sudo serveradmin settings smb:ntlm auth = "yes"

If that doesn’t work (older and by older I mean old as hell versions of Windows), try Lanman:

sudo serveradmin settings smb:lanman auth = “yes"

The second is that the authentication string (can be seen in wireshark) doesn’t include the workgroup/domain. To resolve this, simply include the Server name or workgroup in the beginning of the username followed by a backslash(\). So you might do this as a username if your NetBios name were kryptedserver:

kryptedserver\charles

To get that exact name, use serveradmin again, to look at the smb:NetBIOSName attribute:

smb:NetBIOSName = "kryptedserver"

November 4th, 2014

Posted In: Mac OS X Server, Windows Server, Windows XP

Tags: , , , , , , , , ,

There are a number of tools available for using Syslog in a Windows environment. I’ll look at Snare as it’s pretty flexible and easy to configure. First download the snare installation executable from http://sourceforge.net/projects/snare. Once downloaded run the installer and simply follow all of the default options, unless you’d like to password protect the admin page, at which point choose that. Note that the admin page is by default only available to localhost.

Once installed, run the “Restore Remote Access to Snare for Windows” script.

Screen Shot 2014-04-10 at 10.56.43 AM

Then open http://127.0.0.1:6161 and click on Network Configuration in the red sidebar. There, we can define the name that will be used in syslog (or leave blank to use the hostname), the port of your syslog server (we used 514 here) and the address of your syslog server (we used logger here but it could be an IP or fqdn).

Screen Shot 2014-04-08 at 10.58.04 AM

 

Once you have the settings you’d like to use, scroll down and save your configuration settings. Then, open Services and restart the Snare service.

Screen Shot 2014-04-08 at 10.56.22 AM

Then run the Disable Remote Access to Snare for Windows option and you’re done. Now, if you’re deploying Snare across a lot of hosts, you might find that scripting the config is faster. You can send the Destination hostname (here listed as meh) and Destination Port (here 514) via regedit commands (Destination and DestPort respectively) and then restart the service.

Screen Shot 2014-04-08 at 10.56.51 AM

I’ll do another article at some point on setting up a logstash server to dump all these logs into. Logstash can also parse the xml so you can search for each attribute in the logs and with elasticsearch/hadoop/Kibana makes for an elegant interface for parsing through these things.

April 13th, 2014

Posted In: Active Directory, Windows Server, Windows XP

Tags: , , , , , , ,

Changing the Forest Mode in Active Directory can be scripted. I find this useful when regression testing such tasks in a sandbox (e.g. restore image, automate login, change mode, run tests, etc). The script is very simple. First, you’ll import he ActiveDirectory modules:

Import-Module -Name ActiveDirectory

Then you’ll check for the mode prior to running:

Get-ADForest | Format-Table ForestMode

Then you’ll change the forest and domain modes (one per line):

Set-ADForestMode –Identity “krypted.com” –ForestMode Windows2008Forest
Set-ADDomainMode –Identity “krypted.com” –DomainMode Windows2008Domain

Then you’ll report the result:

Get-ADForest | Format-Table Name , ForestMode

The end result could be as simple as three lines if just testing:

Import-Module -Name ActiveDirectory
Set-ADForestMode –Identity “krypted.com” –ForestMode Windows2008Forest
Set-ADDomainMode –Identity “krypted.com” –DomainMode Windows2008Domain

April 8th, 2014

Posted In: Active Directory, Mass Deployment, Windows Server, Windows XP

Tags: , , ,

Next Page »