While helping a peer at a Junior College clean up a their Active Directory I wrote this one liner to set the Display Name field uniformly for all of their accounts. It just takes every AD account with a specific UPN and sets display name to Last, First for each user based on what they already have in AD for Given Name and Surname.
PowerShell, Write log and email
One of the key components to many of my scripts is to have it produce either a transcript or CSV or both and send out an email with that attached. You can take and modify this code to make files for input into a Database or to simply send out a “I ran a script” email.
Block petya virus on a computer
Yesterday news started to break about a new virus making the rounds. Initially it was being referred to as ransom-ware but the email address to get a recovery key after paying has been blocked and researchers have now discovered that the HD is in fact not encrypted but the MBR destroyed and there is no recovery (Link to more information about that here). There are also several sources speculating that this was a Nation State attack masked as a ransom-ware, Wired Magazine wrote this about the virus and possible ties to Russia. There appears to be a way to “inoculate” your computer to block the virus from infecting you and that is what this will show.
PowerShell, Rename Computer Remotely
In keeping with the last few posts this is a short but handy IT tool in a short but (hopefully) handy post. Computer naming conventions are a common practice in almost every organization. However, sometimes a machine gets misnamed or moved and we need to rename it. Of course you could send a tech or sysadmin to lay-on-hands and change the computer name through the GUI but that is time consuming and if the machine is at a remote site impractical. Luckily PowerShell can help us out here.
PowerShell to Create Secure PSCredentials for scripts
Rather than having a username and password in plain text you might want to put the password into a file in an unreadable format. This has some pretty clear benefit that you are not fully exposing the password. From time to time of course you want to test with a password in plain text but in production that practice should be avoided if possible. Clearly if someone “bad” acquires the file they could essentially have the password username (if they got this from your automation script) combination. A sysadmin could minimize that threat by limiting who has access to the servers and use file permissions to protect the password text file.
Add IE Trusted Sites without AD GPO
Building off of the post from yesterday about checking Trusted Sites in IE using PowerShell this is how to add a Trusted Site on a single computer without rolling it out domain wide with a GPO. This is handy in situations where a site might need to be trusted temporarily or only on one computer and pushing it out over a Group Policy Object is more work then needed. Continue reading
Show IE trusted sites from PowerShell
Like most organizations Sul Ross uses Active Directory Group Policy Objects to manage the Trusted Sites list in the Internet Explorer Internet Zone. If you are a part of Sul Ross and need to have a site added University wide or just to a single computer please reach out to help desk by emailing techassist@sulross.edu or calling extension 8888. If you’d like to just check what sites are listed in the Trusted Sites section on your computer you can run the following command.
IP info in an easy .bat file
Get the info you need from a user quickly with a bat file like this one.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
@color F0 @echo IP INFORMATION @echo Help Desk x8888 @ipconfig /all | find "IPv4" @ipconfig /all | find "Host Name" @ipconfig /all | find "DNS Servers" @ipconfig /all | find "Default Gateway" @ipconfig /all | find "DHCP Server" @ipconfig /all | find "Lease Obtained" @ipconfig /all | find "Lease Expires" @echo MAC Address @getmac /FO LIST | find "Physical Address" @echo Pinging Self @ping -n 1 127.0.0.1 | find "TTL" @echo Pinging Core Network @REM put your gateway below @ping -n 1 10.1.1.190 | find "TTL" @echo Pinging Internet @ping -n 1 8.8.8.8 | find "TTL" @echo Domain and Username @whoami @ver @pause |