$Computers = Get-ADComputer -SearchBase ‘OU=computers,DC=domain,DC=local’ -Filter * | select Name
foreach ($Computer in $Computers)
{
Get-CimInstance –ClassName Win32_ComputerSystem -ComputerName $computer.Name | Select-Object UserName, Name
}
Windows 10 reset forgotten local user password
- Download Microsoft media creation tool and create boot usb flash or dvd
- Boot PC with usb flash/dvd
- Switch to recovery mode – run with command line
- > cd Windows\System32
- > ren utilman.exe utilman.exe.bak
- > copy cmd.exe utilman.exe
- Reboot PC
- Wait until login screen present and click on ease of access
- > net user “myLogin” newpassword
10. Here you go with your “newpassword”
WMIC network, #NIC, services
Very simple but useful command wmic #wmic
Last time we’ve learnt, how to run wmic under user profile – (run cmd as different user – Admin).
Today let me show, how to run wmic on the remote machine.
Magic syntax is /node:PC_Name
easy to start/stop local/remote service (for example Themes)
wmic /node:PC001 process call create “net stop/start Themes”
enable/disable particular NIC (as different user, or remotly)
wmic (/node:PCxxx) nic get name, index
wmic /node:PC002 path win32_networkadapter where index=2 call enable/disable
(restart needed)
Uninstall program as different user (Appwiz)
- Run cmd as different user (Admin)
- Type wmic ⏎
- Product get name ⏎ (show appwiz names)
4. Find the program
5. Type: product where name=”Gadwin PrintScreen (64-Bit)” call uninstall ⏎ y
Bulk rename Active Directory groups
#get-qadgroup -searchroot “OU=groups,DC=domain,DC=local” | where {$_.name -like ’00_*’} | % { Rename-qadobject -Identity $_ -NewName ($_.Name -Replace “^00_”, “00_test”) }
Check if file or folder exists on multiple computers #PowerShell
$Computers = Get-content “\\server\path\computers_all.txt”
$Output = ForEach ($Computers in $Computers) {
$Test = Test-Path -path “\\$Computers\C$\Program Files\office\”
If ($Test -eq $True) {Write-Output “Path exists on $Computers.”}
Else {Write-Output “Path NOT exist on $Computers.”}
} $Output | Out-File c:\output.txt
Zabbix Appliance 4.4.0 # VMWare
Download a .vmdk of Zabbix appliance. Create the new virtual machine. (For me was necessary to change SCSI type to LSI Logic Parallel instead SAS) 😦
1. Login as a root: appliance/zabbix
2. set static IP:
* cd /etc/network
* sudo vi interfaces (make sure to know, how to move in Vi editor)
* iface ens160 (eth0 or ensX) inet static
set IP, mask, gateway
* sudo /etc/init.d/networking restart
Check IP:
* ifconfig -a
login: Admin/zabbix
A. create host = server, PC etc. (item = service etc.)
B. add some template (ICMP Ping etc.)
C. create trriger to host or item
D. create an Action (alert e-mail or sms)
Anyway follow the offical Zabbix Documentation 4.4.
https://kb.vmware.com/s/article/1022525
Get users membership from a group in another domain in forest
PS C:\> Get-ADGroupMember -Identity “groupe” -server “another.domain.local”
Define group members with disabled account
Get-ADGroupMember -identity “group” | get-aduser | Where {$_.Enabled -eq $false} | FT samAccountName
Change Active Directory Group type
Modify Active Directory Group type from Global Security do Domain Local etc.
step1:
Get-ADGroup -Filter ‘GroupCategory -eq “Security” -and GroupScope -eq “Global”‘ -SearchBase ‘OU=groups,Ou=domain,DC=domain,DC=local’ | Set-ADGroup -GroupScope Universal
Enter
step2:
Get-ADGroup -Filter ‘GroupCategory -eq “Security” -and GroupScope -eq “Universal”‘ -SearchBase ‘OU=groups,OU=domain,DC=domain,DC=local’ | Set-ADGroup -GroupScope Domainlocal
Enter
Get PC from AD which are not renamed
PowerShell Script which find PC with wrong name. Default name MiniNT etc.
$body = Get-ADComputer -Filter “Name -like ‘minint*'” -SearchBase ‘OU=Desktop,OU=Computers,OU=company,DC=company,DC=local’
If ($body -ne $Null) {
$emailFrom = “alert@mail.com”
$emailTo = “somebody@company.com”
$subject = “Wrong name PC in Active Directory”
$body = $body
$smtpServer = “webmail.com”
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$smtp.Send($emailFrom, $emailTo, $subject, $body)
}
Resize Expand Virtualbox virtual disk UBUNTU
Expand/resize Virtualbox virtual disk when host system is windows and virual machine is ubuntu.
1.
2.
sudo apt-get install gparted
3.
Format uknown partition to swap
4.
Download and boot gparted live cd
5.
4 steps: grow – move – shrink – grow
Finding Computers with a Particular Operating System | upgrade from windows server 2003 to 2008
Use ActiveRoles Management Shell for Active Directory x64
Find your Windows Servers 2003 to upgrade them to Windows server 2008 operating system.
2003->2008
x86->x86
x64->x64
standard->standard
enterprise->enterprise etc.
Microsft Windows May 2015 update problem Enovia Catia
Microsft Windows May 2015 update problem Enovia Catia | remove update
After 2015/5/12 Windows update is not possible to run Catia or Enovia.
More: http://www.intrinsys.com/blog
script cmd to GP or psexec:
@echo off
wusa /uninstall /kb:3061518 /quiet /norestart
Get all recent user permissions / network files entries / user’s permissions
$filteracl = {$_.IdentityReference -match “domain user” -and ($_.FileSystemRights -band 131241 -or $_.FileSystemRights -band 278)}
$objects = Get-ChildItem \\domain.local\dfs\department -Recurse -Force | Export-Csv c:\user.txt
foreach ($i in $objects)
{
$i.GetAccessControl().Access | Where $filteracl | Select `
@{n=”Path”;e={$i.fullname}},
@{n=”User”;e={$_.IdentityReference}},
@{n=”Permission”;e={$_.FileSystemRights}}
}
Trojan:Win32/Shapouf.A
Trojan:Win32/Shapouf.A
This trojan infects pc from phishing mail attachment sent from some bank institute etc.
Fully updated Microsoft Windows 7 SP1 with real time scanning msft essential security antivirus is disarmed by this trojan!
Safety scanner detects this tojan but not purges it!
Reinstalled msft security essential tries to clean it, but unsuccessful!
Try better antvirus or completely reinstall/recover system.
Don’t open phishing mail!!!
Vulnerability of Sophos Endpoint Security and Control
Dalši hrozby zasazují rány systému Sophos Endpoint Security and Control.
Patrně ohlášená “automatická” (tomu snad nikdo nevěří) aktualizace Sophosu na v. 10.3. v avizovaném termínu 2.-9.10. má patrně spasit tento “děravý” systém?
Během poslední doby jsem zaregistroval, že plně aktualizovaný systém byl kompletně “odzbroje” hrozbou ve formě phisingu na Českou poštu a to konkrétně malwarem: Win32/Hesperbot.A.
Dále díru na lochnu (J) rozšířil “přiblblý” trojan, který v profilu nakaženého “vytapetuje na bílo”!
Kdo spoléhá na sophos, nechť radši skenuje ještě něčím jiným.
Another threat beating the Sophos Endpoint Security and Control. Probably announced “automatic” (no one believes) update of Sophos to v. 10.3 in term 2nd-9th Oct. should heal the “leaky” system? During the last time I noticed that a fully updated system was completely “disarmed” by threat in the form of phishing e-mail to Cze Mail corp. – malware: Win32/Hesperbot.A. Furthermore biger “hole” (J) expanded the “dumb” trojan that infects user profile with white screen (user can’t work)! WWho rely on the Sophos, rather scan with something else.
PowerShell. Move a list of computers to a specify organisation unit in Active Directory
Move – list – csv – computers – specify – OU – PowerShell – PowerGui
$computers = Get-Content c:\Users\name\Desktop\notebooks.csv
$computers | Foreach{Get-QADComputer $_ | Move-QADObject -NewParentContainer “ou=ntb,ou=computers,ou=domain,dc=domain,dc=local”}
PXE-T01: File not found PXE:E3B: TFTP Error- File not found PXE-MOF : Exiting Intel Boot Agent
PXE-T01: File not found
PXE:E3B: TFTP Error- File not found
PXE-MOF : Exiting Intel Boot Agent
1. Remove the SMS PXE role. Look at the PXESetup.log file to verify that the uninstall is complete and successful.
2. Uninstall the WDS server.
3. Reboot the machine.
4. Reboot again.
5. Rename the folder “RemoteInstall”.
6. Rename c:\windows\temp to c:\windows\temp.old
7. Re-install the WDS server, but “do not configure it”. Do nothing at all other than installing WDS.
8. Add the SMS PXE role. Look at the PXESetup.log file to verify that the installation is complete and successful.
9. Add the boot images to the SMS PXE DP share. Look at the distmgr.log file to verify that the replication of the boot image to the DP is complete and successful.
10. Try booting a PXE client.
-=BTW: Maybe only the step 6 can solve the problem=-
this task sequence cannot be run because the program files for cannot be located on a distribution point
Do you solve problem with SCCM 2007 R3?
Just send sccm kb to distribution point!
