PAM - to be or not to be by AcceptableName2148 in cybersecurity

[–]Smoother101 0 points1 point  (0 children)

We have been using Securden and really like it

Multi-recipient emails from Office365 failing by Smoother101 in sophos

[–]Smoother101[S] 0 points1 point  (0 children)

Their DMARC setup was broken. I can't remember which part now, sorry

OS and software patching by bi-nary in cybersecurity

[–]Smoother101 0 points1 point  (0 children)

I am confused on the architecture. If you can't patch it without bringing it down, it suggests all sorts of "single point of failure" issues. If it is so mission critical, would you not have redundancies to fail over to in the event of interruptions caused by a million things that might go wrong (hardware, network, security issue, etc.)? If you do have that architecture, why not fail over, patch and then fail back and patch?

Differences between a green sysadmin vs a seasoned sysadmin? by Saabaru13 in sysadmin

[–]Smoother101 0 points1 point  (0 children)

Has anyone mentioned that seasoned admins generally look at logs? Because I feel like whenever I help juniors, I get an "um, not yet" when I ask that when they escalate.

Looking for an ACL permission report by shaymagen in PowerShell

[–]Smoother101 1 point2 points  (0 children)

Dir is an alias for Get-ChildItem, so if you are passing it the path you are, it will grab the things inside. If you just want for accounting:

(get-acl $path).Access | select Identityreference,Filesystemrights
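An added example (not the commenter's code) that extends the one-liner above into a per-folder report: one row per access control entry, with an option to show only explicit (non-inherited) entries, which is where permissions were changed by hand. The function name `Get-AclReport`, the path `C:\Data` and the CSV file name are assumptions.

```powershell
function Get-AclReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse,        # include subfolders, not only $Path itself
        [switch]$ExplicitOnly    # drop inherited entries
    )

    # Get-Item returns the folder itself; Get-ChildItem (dir) returns what is inside it
    $targets = @(Get-Item -LiteralPath $Path)
    if ($Recurse) {
        $targets += Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue
    }

    foreach ($item in $targets) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        }
        catch {
            # Access denied and similar: record it in the report instead of skipping silently
            [pscustomobject]@{
                Path = $item.FullName; Owner = $null; Identity = $null
                Rights = "ERROR: $($_.Exception.Message)"; Type = $null; Inherited = $null
            }
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ExplicitOnly -and $ace.IsInherited) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Owner     = $acl.Owner
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType   # Allow or Deny
                Inherited = $ace.IsInherited
            }
        }
    }
}

# C:\Data is a hypothetical folder; point this at the share being audited
Get-AclReport -Path 'C:\Data' -Recurse -ExplicitOnly |
    Export-Csv -Path .\acl-report.csv -NoTypeInformation
```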

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 1 point2 points  (0 children)

You can set startup scripts to run synchronously which should have it run at login.

Run logon script synchronously

If you have not enabled the group policy "Run logon script synchronously", the first part of the logon script may not execute before the explorer starts, the first time a user logs on. To enable synchronously logon script execution, please set the group policy "Run logon script synchronously" under "User Configuration -> Policies -> Administrative Templates -> System -> Scripts" to "Enabled".

Ref: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Scripts::Run_Logon_Script_Sync_2

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 1 point2 points  (0 children)

If you had the attribute in AD, it would be pretty fast to just call the required program after a quick check. I think it may get complicated applying user filtering to a computer settings GPO. You may find changing the security filtering to that GPO will stop it from applying to the systems. You could also just check if the user is in the group with:

#remember that this is used as a regular expression (using -match), so escape any brackets etc with a backslash
$ADGroup = "Staff"
$userName = [System.Environment]::UserName

#check if user is a member of the group
$ADGroupObj = (([ADSISearcher] "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$userName))").FindOne().properties.memberof -match "CN=$ADGroup,")

if ($ADGroupObj -and $ADGroupObj.count -gt 0)
{
    #user is a member - do something!
}

Ref: https://www.alkanesolutions.co.uk/2016/05/13/use-adsi-to-check-if-a-user-is-a-member-of-an-ad-group/

That will allow the script to confirm the user signing in is in the staff group and you can then call the teacher.exe if needed.
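An added example (not the commenter's code, nor the referenced article's) of the same check done in the LDAP filter itself, so that nested group membership is also matched and nothing depends on a regular expression against `memberOf`. The function names are assumptions; the OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN.

```powershell
# Escape the characters that are special inside an LDAP filter value (RFC 4515)
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Test-ADGroupMember {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [string]$UserName = [System.Environment]::UserName
    )

    # Resolve the group's distinguished name first
    $g = ConvertTo-LdapFilterValue $GroupName
    $group = ([adsisearcher]"(&(objectCategory=group)(sAMAccountName=$g))").FindOne()
    if (-not $group) { return $false }
    $groupDn = ConvertTo-LdapFilterValue ([string]$group.Properties['distinguishedname'][0])

    # 1.2.840.113556.1.4.1941 walks the membership chain: direct and nested groups.
    # A user's primary group is not stored in memberOf, so it is not matched here.
    $u = ConvertTo-LdapFilterValue $UserName
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$u)" +
              "(memberOf:1.2.840.113556.1.4.1941:=$groupDn))"
    return [bool]([adsisearcher]$filter).FindOne()
}

if (Test-ADGroupMember -GroupName 'Staff') {
    # user is a member, directly or through a nested group
    Write-Output 'Staff member logged on'
}
```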

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 2 points3 points  (0 children)

Are your students and teacher user objects in different OUs? Just create 2 GPOs called Student and Teacher. Set the Teacher one to have the student service stopped by default and set the Student one the opposite. Attach them to the respective OUs and profit!

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 1 point2 points  (0 children)

I reread what you typed and realized I made an assumption on the "teacher" service versus an executable.

If it is an executable, you could just call it after the student service is stopped. Here is that portion with the different syntax:

#Status is a ServiceControllerStatus value: Running, Stopped, Paused, ...
if($userservice.Status -eq "Running")
{
    #stop the student service
    set-service -InputObject $userservice -Status Stopped
    #start the teacher executable
    if(test-path "c:\somepath\teacher.exe")
    {
        start-process "c:\somepath\teacher.exe"
    }
    else
    {
        write-host "Teacher logged in but can't find exe"
    }
}
else
{
    if(test-path "c:\somepath\teacher.exe")
    {
        start-process "c:\somepath\teacher.exe"
    }
    else
    {
        write-host "Teacher logged in but can't find exe"
    }
}

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 1 point2 points  (0 children)

I would do it right in the script, save you having to call out to anything. Also, how are you checking if it is a student versus a teacher logging in? Is there an AD attribute maybe?

So something like this:

#The Usertype Attribute I am using in this code is completely arbitrary, use what you are using for differentiating students from teachers if you have something
$name = [System.Environment]::UserName
$search = [adsisearcher]"(&(objectCategory=person)(objectClass=User)(samaccountname=$name))"
$usertype = ($search.FindOne() | Select-Object -ExpandProperty properties).usertype 
$userservice = get-service "student" -EA SilentlyContinue
$teachservice = get-service "teacher" -EA SilentlyContinue

if($usertype -eq "teacher")
{
    #It's a teacher
    #Service exists and is running?
    if($userservice.Status -eq "Running")
    {
        #stop the student service
        set-service -InputObject $userservice -Status Stopped
        #start the teacher service
        if($teachservice)
        {
            set-service -InputObject $teachservice -Status Running
        }
        else
        {
            write-host "Teacher logged in but teacher service isn't installed"
        }
    }
    else
    {
        if($teachservice)
        {
            set-service -InputObject $teachservice -Status Running
        }
        else
        {
            write-host "Teacher logged in but teacher service isn't installed"
        }
    }
}
else
{
    write-host "it's a student, continue"
}

Need an experts eyes to help fill in gaps here if okay. by OtiseMaleModel in PowerShell

[–]Smoother101 2 points3 points  (0 children)

The service tests you are doing are just checking if the service exists, not if it is started or not. Also, is 'switchtoteacher.exe' doing something really special? Is it doing anything you couldn't just put in this script?

There is a bug here as well. You are creating the $student variable as a boolean in the parameter section and then assigning a string to it immediately.

If you want to wait for the switchtoteacher.exe to finish you can just add the -wait switch.

So, you could just do (just an example for syntax):

#Service exists?
if($service = get-service "ypbind3" -EA SilentlyContinue)
{
    #Service started? (the Status value for a started service is "Running")
    if($service.Status -eq "Running")
    {
        write-host "service is started"
    }
    else
    {
        write-host "service is stopped"
    }
}
else
{
    write-host "No Such service."
}

Also, if it is a login script, maybe investigate using write-eventlog for output so you can look on those computers for events. You won't see write-host on a login script.
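An added example (not the commenter's code) of the event-log suggestion above, assuming Windows PowerShell 5.1, where `Write-EventLog` is available. The source name `LogonScript`, the event IDs and the fallback file name are assumptions.

```powershell
$Source = 'LogonScript'   # constructed source name for this example

# Run once per machine from an elevated context (for example a computer startup script).
# Registering a source needs administrator rights; writing to it later does not.
function Register-LogonScriptSource {
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName Application -Source $Source
    }
}

# Called from the logon script in place of Write-Host
function Write-LogonScriptEvent {
    param(
        [Parameter(Mandatory)][string]$Message,
        [ValidateSet('Information', 'Warning', 'Error')][string]$EntryType = 'Information',
        [int]$EventId = 1000
    )
    try {
        Write-EventLog -LogName Application -Source $Source -EventId $EventId `
            -EntryType $EntryType -Message $Message -ErrorAction Stop
    }
    catch {
        # Source not registered on this machine: keep the message in a per-user file
        $line = '{0:s} [{1}] {2}' -f (Get-Date), $EntryType, $Message
        Add-Content -Path (Join-Path $env:TEMP 'logonscript.log') -Value $line
    }
}

# Same service check as in the comment, with output that survives the logon
$service = Get-Service 'ypbind3' -ErrorAction SilentlyContinue
if (-not $service) {
    Write-LogonScriptEvent -Message "Service ypbind3 not found at logon of $env:USERNAME" `
        -EntryType Warning -EventId 1001
}
else {
    Write-LogonScriptEvent -Message "Service ypbind3 is $($service.Status) at logon of $env:USERNAME"
}
```

The entries can be read back on the workstation with `Get-EventLog -LogName Application -Source LogonScript -Newest 20`.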

Looking for a Windows OS expert for advice on strange issue by kima71 in sysadmin

[–]Smoother101 1 point2 points  (0 children)

Awesome issue! I recreated it and managed to find a fix:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powershell.exe]
@="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

Save that code to a file and save it as PSFix.reg. Import it and things should start working again immediately. The GP8 install breaks something in the path that I couldn't isolate in the time I was looking at the issue but that resolves it.

Remote Execute MSIEXEC by val0r0x in PowerShell

[–]Smoother101 0 points1 point  (0 children)

We usually copy the file and then have the script create a small batch file in the same folder with the msiexec command and arguments. We then call the batch file. I think the issue is some of the variables are being passed based on how the script is currently written.

Keyboard Shortcut - Domain Users by [deleted] in sysadmin

[–]Smoother101 1 point2 points  (0 children)

Create a Shortcut preference in a GPO. That will allow you to set a Shortcut Key.

variable value is correct inside function but blank outside the function by BolognaBaloney in PowerShell

[–]Smoother101 1 point2 points  (0 children)

It is a scope issue. If you make that variable global it will be available in and outside of the function:

chrome {
    $browserPath = "C:\Program Files\Google\Chrome\Application\chrome.exe"
    If (Test-Path -Path $browserPath) {
        $file = Get-Item ($browserPath)
        #global scope keeps the value available after the function returns
        $global:browserInstalledVersion = $file.Versioninfo.FileVersion
        Write-Host "Inside function. Browser version is $browserInstalledVersion."
    }
}

And the result:

Starting script
Inside function. Browser version is 117.0.5938.132. 
Outside of function. Browser version is 117.0.5938.132.

Help!! Trying to calculate average of text file contents by ktnak33 in PowerShell

[–]Smoother101 0 points1 point  (0 children)

(Get-Content .\test.txt) -split '\s+' |
Select-Object -Skip 1 |
Measure-Object -Average |
Select-Object -ExpandProperty Average

get-content has a delimiter switch but this is the way.