Create A Server 2012 VM In VMware Fusion

Our friends at VMware continue to outdo themselves. The latest release of Fusion works so well with Windows Server 2013 that even I can’t screw it up. To create a virtual machine, simply open VMware Fusion and click New from the File menu.

Click “Choose a disc or disc image.”

Select your iso for Server 2012 and click on Open (if you have actual optical media it should have skipped this step and automatically sensed your installation media). Click Continue back at the New Virtual Machine Assistant screen.

Click Continue when the Assistant properly shows the operating system and version.

Enter a username, password and serial number for Windows Server if you want Fusion to create these things automatically and just complete an installation. If not, uncheck Easy Install (but seriously, who doesn’t like easy). Also, choose the version of Windows Server (note that there’s no GUI with the Core options). Click Continue.

At the Finish screen, you can click Customize Settings if you would like to give the new virtual machine more memory or disk. Otherwise, just click Finish.

When prompted, choose where the new virtual machine will live and click Save. The VM then boots into the Setup is starting screen. You will be prompted for a Core vs. a GUI install (I know, you picked that earlier). I choose a GUI, then click Next.

When the setup is complete, login, run Software Update and you’re done!

Edit Windows Hosts File

Pretty much every operating system has a hosts file. In that file, you can define a hostname and then set a target IP. In Windows, that file is called hosts.txt and located in %systemroot%\system32\drivers\etc\. By default, that %systemroot% is going to be C:\Windows. This makes the path to the file C:\Windows\system32\drivers\etc\hosts.txt. By default, you’ll see the following:

    127.0.0.1 localhost loopback
    ::1 localhost

When you edit the file, add a new line with the IP address then a tab then the hostname that you’d like to be able to ping to get the address in question. For example, to add server.krypted.com to point to 192.168.210.210, you’d add some lines to make it look as follows:

    127.0.0.1 localhost loopback
    ::1 localhost
    192.168.210.210 server.krypted.com

Then save and try pinging the host:

    ping server.krypted.com

Use PowerShell to Query WMI on Windows Servers

I recently needed to check and see whether a backup drive (which was just a 4TB USB drive) was plugged into a server. But the server had no GUI, so I had to use the command line. There was no drive letter mapped to this drive, so I needed to use something else and I needed to make a script that could be used long-term. Luckily, PowerShell can be used to obtain WMI information on the hardware installed on a computer. This allows administrators to query WMI about the USB devices currently installed on a server. In the following command, we’re going to use gwmi from PowerShell and we’re going to query for Win32_USBControllerDevice. We’re going to run the command against the computer name in question (example here is host.krypted.com although if we left the -computername option off it would run against the host the command is run on).

    Get-WmiObject Win32_USBControllerDevice -computername host.krypted.com | fl Antecedent,Dependent

This will apply a filter, similar to using grep in bash. That filters only the antecedent and dependent fields from the host.krypted.com computer. You could also remove the pipe and pull a full export, but if I’m using this in a script the less data to parse the better. If you think of WMI as containing a big tree about the hardware installed, the filter for Antecedent brings back what must be running in order for the drive to be present and the Dependent returns those that are dependent on the drive.

You can also obtain a lot more information through WMI. For example, you can pull information from any of the WMI classes, such as win32_bios:

    Get-WmiObject win32_bios -computername host.krypted.com

Note, you can derive properties and methods for a given class by using the get-member cmdlet:

    Get-WmiObject win32_bios | get-member

Once you know which property you need, you can then parse the information a little further to get a very specific answer:

    get-wmiobject win32_bios -computername host.krypted.com | Select-Object displayname

Finally, you can shorten this by replacing the Get-WmiObject cmdlet with gwmi, which is an alias for that command. Test it out, if you like:

    gwmi win32_bios | get-member

Produce Random Complex Passwords in Excel

Recently, I’ve been spending a lot of time normalizing data in Excel. And when I needed to generate a bunch of passwords for a project, I almost switched to another tool to do so. But I decided that I was already in Excel so I might as well do it there. Excel has a couple of random (pseudorandom) number and character functions in RAND() and RANDBETWEEN(). At its simplest, let’s just pick a number between one and ten:

    =RANDBETWEEN(1,10)

Now let’s pick a number that’s 9 characters after a decimal:

    =RAND()

Or make it a regular nine character number:

    =RAND()*1000000000

Regrettably numbers are OK for passwords. So let’s bump up our game a little and produce a random letter that can be used in a password (64+26=90):

    =CHAR(RANDBETWEEN(65,90))

Or for more complex characters (thus allowing for more modern passwords):

    =CHAR(TRUNC(RAND()*90+33))

You can then add an ampersand after and throw it in again, like so (minus the = to kick off the formula) for a two character password:

    =CHAR(TRUNC(RAND()*90+33))&CHAR(TRUNC(RAND()*90+33))

This allows you to create about as many characters worth of passwords as you’d like. You can use simpler characters by reducing the numbers in the formula.
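RAND() and RANDBETWEEN() are pseudorandom, as noted above, so for passwords that protect real accounts the same character range can be drawn from the operating system's cryptographic random number generator instead. The following is an added example, not part of the original post; New-RandomPassword is a hypothetical helper name, and its defaults mirror the 33 and 90 from the formula above.

```powershell
# Added example, not from the original post. New-RandomPassword is a
# hypothetical helper name. It draws characters from the same printable
# range as =CHAR(TRUNC(RAND()*90+33)) (codes 33..122) but takes its
# randomness from the operating system CSPRNG instead of Excel's RAND().
function New-RandomPassword {
    param(
        [ValidateRange(1, 256)][int]$Length = 16,
        [int]$First = 33,    # '!' : lowest code the Excel formula yields
        [int]$Count = 90     # 90 codes: 33..122, same as RAND()*90+33
    )
    if ($Count -lt 1 -or $Count -gt 256) { throw 'Count must be 1..256' }

    # Rejection sampling: a byte has 256 values, and 256 is not a multiple
    # of 90, so "byte % 90" would favour the low codes. Discard any byte
    # at or above the largest multiple of $Count that fits in a byte.
    $limit = 256 - (256 % $Count)     # 180 when $Count is 90

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append([char]($First + ($buf[0] % $Count)))
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

# Five 12-character passwords, one per line.
1..5 | ForEach-Object { New-RandomPassword -Length 12 }
```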

Scripting PGP Whole Disk Encryption On A Mac (or Windows, really)

The PGP Whole Disk Encryption (WDE) tools have a command line interface for both OS X and Windows. The options are mostly the same across the two. We’ll focus on two for the purposes of this little article. The first is --list-user and the second is --change-passphrase, although there are a number of other options. A general breakdown of the options include the following:
  • --enum – show the disks available
  • --disk-status – show the encryption status disk indicated with the --disk option
  • --stop – stop the encryption or decryption process of a --disk using --passphrase
  • --instrument – Install BootGuard using the --disk option followed by the number of the disk
  • --uninstrument – Remove BootGuard using the --disk option followed by the number of the disk
  • --add-user – Add a PGP user (include a user name followed by --passphrase and the passphrase, as well as --disk and the number of the disk)
  • --change-passphrase – Change the password on --disk for user specified with -u on --domain with the -i to make it interactive (with an option to include a --recovery-token if you don’t have the password)
  • --list-user – List the PGP users with access to a --disk
  • --encrypt – Manually enable encryption on a --disk using a --passphrase
  • --decrypt – Disable encryption by decrypting the disk at --disk using a --passphrase
  • --recover – allow a user to recover a --disk when BootGuard is unavailable using the --passphrase
So let’s put these in motion. First, let’s just look at all the disks available using the --enum option:

    pgpwde --enum

OK, so disk 0 is my only volume and it’s bootable. Nothing has been encrypted yet. So let’s confirm by looking at --disk-status:

    pgpwde --disk-status --disk 0

Now, let’s see who’s got access to that disk:

    pgpwde --list-user --disk 0

Then, let’s enable BootGuard on our volume:

    pgpwde --instrument --disk 0

And then add user cedge to be able to unlock that volume, with a passphrase of krypted:

    pgpwde --add-user cedge --passphrase krypted --disk 0

And then let’s encrypt it:

    pgpwde --encrypt --passphrase krypted --disk 0

And finally, to change the password of that cedge account to something more secure (on a Mac, the new passphrase goes in single quotes so the shell does not expand $Ru13z as a variable or treat the ! as history expansion, either of which would set a different passphrase than the one typed):

    pgpwde --change-passphrase --disk 0 -u cedge --passphrase krypted --new-passphrase '!Ab@nK$Ru13z'

To make scripting this a bit easier, you can also choose to skip the whole --passphrase option (you might not know the current passphrase, since they’re not typically reversible) and use the --recovery-token option instead (assuming you have a token).

Note: No passwords were hurt in the writing of this article.

Check It Ma, Logz For Dayz

On a Mac, I frequently use the tail command to view files as they’re being written to or in use. In Windows, you can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article. The first is -list and the second is -newest. The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.

    Get-EventLog -list

You can then take any of the log types and view information about them. To see System information:

    Get-EventLog System

There will be too much information in many of these cases, so use the -newest option to see just the latest:

    Get-EventLog system -newest 5

The list will have an Index number and an EventID. The EventID can then be used to research information about each error code, for example at http://eventid.net.

Kill Processes In Windows

You always want to stop a process gracefully. However, sometimes it’s just not possible to do so. Sometimes, you have to kill a process. Sometimes you have to end a process or a process tree when you can’t restart them gracefully. To stop a process in Linux and Mac, use the kill command. In Windows, there’s a PowerShell cmdlet called Stop-Process that enables you to terminate a process. As with kill, just add the process ID at the end of the command. For example, to stop process 318:

    Stop-Process 318

Or you can stop based on the name of the process using the -processname option. For example, to kill a process called minesweeper:

    Stop-Process -processname minesweeper

Note: You can include wildcards in these commands as well. Be careful what you wish for. The reason you’d kill a process rather than reboot is that you don’t want to reboot because other processes are working out just fine. You can always kill a process, but some will reboot your boxen. Finally, there’s also taskkill.exe, which can be used as well:

    taskkill.exe /F /IM minesweeper.exe /T

Net Stats & Windows Server

Windows Server tracks the sessions that have been authenticated into the system, those that have been timed out, those that have errored, kb sent/received, response time, errors, permission problems, password problems, files opened, print job spooling and buffers quickly and easily. Simply use the net command we’ve all been using for 20 years, followed by stats or statistics:

    net statistics

When prompted choose server or workstation. In this case, we’ll use Server.

    net statistics Server

Here’s the output from a new server:

[Screenshot: output of net statistics Server on a new server]

And if you’re trying to troubleshoot client/server communications, keep in mind that you can look at much of this on the workstation side as well, but from the client perspective:

    net statistics Workstation

[Screenshot: output of net statistics Workstation]

Run Windows Updates From The Command Line

Windows Updates can be run using a standard batch script. wusa.exe is the command that runs the updates that you specify, and it is nested inside the Windows directory (%WINDIR%\SysNative to be exact). To run, specify the path to the package you’d like to install. In this case, I’ve mapped a drive to my updates, and placed each in a directory named after the update ID. To run, just run with the path to the .msu file:

    wusa.exe U:\2862152\Windows8.0-KB2862152-x86.msu

To then uninstall the package (if you dare), use the /uninstall option. In this command, you don’t need to provide the path, only the kb number, along with the /kb option:

    wusa.exe /uninstall /kb:2862152 /quiet /norestart

The package then completes. If needed, you will have to reboot the system. You can also indicate /warnrestart, which prompts to restart, or /forcerestart, which automatically restarts the system without any warnings. Packages can also be installed before a computer boots in Windows 7 and 8 using the DISM.exe command with the /Add-Package option along with the Windows Automated Installation Kit.

Control Windows Firewall From The Command Line

The Windows Firewall is controlled using the netsh command along with the advfirewall option. This command is pretty easy to use, although knowing the syntax helps. The most basic thing you do is enable the firewall, done by issuing a set verb along with a profile (in this case we’ll use current profile) and then setting the state to on, as follows:

    netsh advfirewall set currentprofile state on

Or if you were controlling the domain profile:

    netsh advfirewall set domainprofile state on

You can also choose to set other options within a profile. So to set the firewall policy to always block inbound traffic and allow outgoing traffic, use the set currentprofile followed by firewallpolicy as the option to set and then blockinboundalways and allowoutbound delimited with a comma:

    netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

To restore information back to defaults, use the reset verb:

    netsh advfirewall reset

To open incoming access to just the file and printer sharing services:

    netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

Or remote desktop connections:

    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

Because the Windows Firewall can be stateful, you can also allow a program to have access (in or out), as with the following app called SecureApp.exe:

    netsh advfirewall firewall add rule name="Secure App" dir=in action=allow program="C:\Program Files\SecureApp.exe" enable=yes

Or to restrict that app (netsh accepts allow, block or bypass as the action, so a deny rule is written as block):

    netsh advfirewall firewall add rule name="Secure App" dir=in action=block program="C:\Program Files\SecureApp.exe" enable=yes

You can also allow based on IP or range of IP by adding the remoteip variable:

    netsh advfirewall firewall add rule name="Secure App" dir=in action=allow program="C:\Program Files\SecureApp.exe" enable=yes remoteip=206.13.28.12,LocalSubnet profile=domain

Or to open a specific port:

    netsh advfirewall firewall add rule name="Open SSL" dir=in action=allow protocol=TCP localport=443

Overall, the netsh advfirewall command is pretty easy to use and allows for a lot of programmatic control of the Windows Firewall without having to learn a lot of complex scripting. And of course, to disable, just change the on to off in the initial command:

    netsh advfirewall set currentprofile state off
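After scripting rules like the ones above, it helps to read the resulting state back and see which inbound allow rules ended up open to every remote address. The following is an added example, not part of the original post; it assumes the NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later, and it only reads configuration.

```powershell
# Added example, not from the original post. Read-only checks using the
# NetSecurity cmdlets that ship with Windows 8 / Server 2012 and later.

# 1. Confirm "state on" and the firewallpolicy defaults took effect.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. List enabled inbound allow rules and flag those open to any remote
#    address, i.e. rules added without a remoteip= restriction.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name       = $rule.DisplayName
        Profile    = $rule.Profile
        Protocol   = $port.Protocol
        LocalPort  = $port.LocalPort -join ','
        Program    = $app.Program
        RemoteAddr = $addr.RemoteAddress -join ','
        AnyRemote  = ($addr.RemoteAddress -contains 'Any')
    }
}
$report | Sort-Object AnyRemote -Descending | Format-Table -AutoSize -Wrap

# 3. netsh lets several rules share one name, so the allow and block
#    "Secure App" rules from the text can exist side by side. A block rule
#    wins over an allow rule; list every rule with that display name.
Get-NetFirewallRule -DisplayName 'Secure App' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Action, Enabled, Profile
```

Rules that show AnyRemote as True and do not need to be reachable from everywhere are candidates for a remoteip= restriction like the one shown above.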