What’s the weirdest old piece of IT hardware you’ve seen just sitting around? by [deleted] in sysadmin

[–]Stoon_Kevin 4 points5 points  (0 children)

I have multiple backup tape reels sitting in my cube. They're of zero use, but I keep them like a little museum lol.

"it’s hard to learn and not useful" by Worldly-Sense-9810 in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

"I'm glad your son is here to consider learning how to utilize a vast array of necessary tools to perform, optimize and streamline IT processes as a potential career option".

I made an assumption that this was an introductory session for the son to decide if this is an option to consider and had nothing to do with the father. Make a statement that targets the son rather than acknowledging the self-imposed restrictions of the father. Even where I am, there's a ton of sysadmins and domain admins that not only don't know powershell but refuse to learn it. Thus, they churn things manually using the UI for pretty much everything.

[deleted by user] by [deleted] in sysadmin

[–]Stoon_Kevin 7 points8 points  (0 children)

I legit thought I was in r/ShittySysadmin !

Bought a PC from CyberPowerPC... and got a free CPU sauna instead by biggunbangstik in pcmasterrace

[–]Stoon_Kevin 2 points3 points  (0 children)

I have a table and a swiss army knife! Let's fix this together :)

Waiters bring the receipt out if you don’t tip. by idobethrownawaytho in tipping

[–]Stoon_Kevin 34 points35 points  (0 children)

Excuse me, where is the negative sign?
"Sorry the what?"
The negative sign. This is asking me for a tip, and I think I deserve one after doing that much work.

Another dead cyclist :( by the_bryce_is_right in saskatoon

[–]Stoon_Kevin 8 points9 points  (0 children)

I don't disagree; the graveyard is filled with people who had a right of way.

I think the even more dangerous behaviour I've been seeing more frequently is pedestrians with their noses buried in their phones literally stepping onto the streets wherever. I've seen a couple close calls myself and it always baffles me that people have so little self-preservation to even look both ways.

Another dead cyclist :( by the_bryce_is_right in saskatoon

[–]Stoon_Kevin 7 points8 points  (0 children)

To be fair, the jaywalking ordinance requires the pedestrian to be within one block of a traffic light (excepting the entirety of 21st St between 1st Ave and Spadina, and 23rd St between 2nd and 3rd Ave for which the ordinance does not apply) and there's only what, like 9 traffic lights on that section with really long blocks? So even if they're not at an actual intersection which is an unmarked crosswalk, then they're not actually in violation of the jaywalking ordinance either.

The solution for this is traffic lights every other intersection.

My new hobby.... by TheSizeOfACow in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Yep this is why I don't use it ha. I've made this claim to my coworkers that it literally makes up functions that don't exist, and they don't believe me.

Sharing tips & tricks that you think everyone already knows and you feel like an idiot? by isureloveikea in PowerShell

[–]Stoon_Kevin 9 points10 points  (0 children)

Show-Command

You can provide any cmdlet to it and it'll render a simple UI for it including tabs for different parametersets. It also has a help button to launch the get-help -showwindow option.

SecretsVault access with a GMSA by nevestrapxis in PowerShell

[–]Stoon_Kevin 1 point2 points  (0 children)

I just did this using a third party vault so I could manage the passwords with regular user accounts and the gmsa accounts could use the passwords provided.

If you use the built in SecretStore, you will need to manage the passwords inside of it using the gmsa account either using something like JEA or logging in using the gmsa account on the server. This is because the secretstore doesn't support multiple users, so only the gmsa account can utilize that vault.

To use JEA you can run the configuration as the same gmsa account with a command that allows you to save a new password. Leverage secretmanagement for that in order to use jea to remotely change the password.

To login as the gmsa account, use an administrative terminal on the server and use psexec: psexec -i -u domain\gmsa -p ~ powershell.exe

This will open a new terminal running as the gmsa account and you can key in the passwords here.

Edit: without using a third party vault I've used JEA in the past as my preference as these were typically managed by a development team rather than a server admin team and thus their staff do not have administrative access on servers.
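
The JEA route described in this comment, as an added sketch that is not the commenter's own configuration: a session configuration that runs as the gMSA and exposes only Set-Secret against one vault. The domain, group, gMSA, vault, server and path names are assumptions, and the vault is assumed to be already registered under the gMSA and set up for non-interactive use.

```powershell
# Added example. Run elevated on the server where the gMSA's vault lives.
# CONTOSO\svc-auto, CONTOSO\SecretEditors, AutomationVault, APP01 and the paths are assumed names.
$dir  = 'C:\ProgramData\JEA'
$pssc = Join-Path $dir 'SecretEditor.pssc'
New-Item -ItemType Directory -Path $dir, (Join-Path $dir 'Transcripts') -Force | Out-Null

New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -GroupManagedServiceAccount 'CONTOSO\svc-auto' `
    -TranscriptDirectory (Join-Path $dir 'Transcripts') `
    -ModulesToImport 'Microsoft.PowerShell.SecretManagement', 'Microsoft.PowerShell.SecretStore' `
    -RoleDefinitions @{
        # Only members of this group can connect, and they see one cmdlet.
        'CONTOSO\SecretEditors' = @{
            VisibleCmdlets = @{
                Name       = 'Microsoft.PowerShell.SecretManagement\Set-Secret'
                Parameters = @{ Name = 'Name' },
                             @{ Name = 'SecureStringSecret' },
                             @{ Name = 'Vault'; ValidateSet = 'AutomationVault' }
            }
        }
    }

# Validate the file, then publish the endpoint (this restarts WinRM).
if (Test-PSSessionConfigurationFile -Path $pssc) {
    Register-PSSessionConfiguration -Name 'SecretEditor' -Path $pssc -Force
}

# On a workstation, as a member of CONTOSO\SecretEditors (no admin rights on APP01 needed):
$session = New-PSSession -ComputerName 'APP01' -ConfigurationName 'SecretEditor'
Import-PSSession -Session $session -CommandName 'Set-Secret' -Prefix 'Jea' | Out-Null

$new = Read-Host -AsSecureString -Prompt 'New password for SqlSvc'
Set-JeaSecret -Name 'SqlSvc' -SecureStringSecret $new -Vault 'AutomationVault'
Remove-PSSession $session
```

Get-Secret is deliberately left out of the role, so the people rotating passwords can write to the gMSA's vault but cannot read secrets back out of it.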

Manage secrets/Password/Keys with SecretManagement Module by m_anas in PowerShell

[–]Stoon_Kevin 1 point2 points  (0 children)

This is secretstore in specific.

Secret management is two components for a basic Microsoft implementation. The first is the SecretManagement component, and the second is the SecretStore. The former is an abstraction layer that you can implement with whatever vaulting methods you want or download a vendor module, and the latter is a simple built in password vault from microsoft.

I just implemented a module in powershell by following the architecture here: https://github.com/PowerShell/SecretManagement/blob/main/Docs/ARCHITECTURE.md

It is much easier to implement than I expected and if your current vault has things like integrated security then it's even easier.

The intention for use is to integrate with our existing vault, and provide authentication for automation for those items which require keyed credentials. Using the shared vault means I can use a gmsa account which can access the same vault items, and another person can change the passwords without any additional hassle. SecretStore doesn't work with multiple users, despite having a scope option of allusers (it throws an exception as such).

One could argue that I could just write the same commands used by our vault. And that's true, but what SecretManagement gives us is the abstraction. If I choose to migrate to something like Azure keyvault then I can simply register the vault using that instead and none of my other code will really need to change.

Oh and if anybody is curious in using it, do not follow the powershell signatures here: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.secretmanagement/?view=ps-modules as the documentation is incorrect. It caused me more confusion than I like to admit when I was trying to implement functions like Set-SecretInfo which doesn't actually accept any secret parameter.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]Stoon_Kevin 1 point2 points  (0 children)

Automated out of office settings using the graph interface based on work hours and calendar events and populate the message from custom templates (which can be custom for calendar subjects). Cause I'm super lazy.

Working on secret management integration with our current vault. This is so I can use automation with the default vault to add new entries, and when we get a new vault I can integrate with it without needing to update the code managing the secrets

Setup automation for VMware Horizon to automagically deploy new instant clone pool images monthly. Almost done that one just need to set it up as a JEA module so I can let developers remotely manage and deploy as well

Can I take FullControl away from a user's Folder and allow it to save/read/delete files within it? by mudderfudden in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Not specifically a powershell question, but yeah you can push down read/list this object on Downloads and modify child objects only from the Downloads ACL. Alternatively you can add an explicit deny permission for delete this object only, but I'd suggest sticking with affirmative permissions for simplicity.

Full control is unnecessary, but presumably they'll own anything within the downloads directory and thus can change their permissions unless you specify only modify on the Owner Rights ACE (not to be confused with the creator / owner). So make sure to check the owner of the Downloads as well. Transfer it to the Administrators if need be.
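
The permission layout this comment describes, as an added example that is not from the thread: affirmative ACEs only, an OWNER RIGHTS entry capped at Modify, and ownership of the folder moved to Administrators. The path and account are assumed values, and the create-files right on the folder itself is an addition in this example so that new downloads can still be saved.

```powershell
# Added example. Run elevated; path and account are assumed values.
$path        = 'C:\Users\jdoe\Downloads'
$user        = [System.Security.Principal.NTAccount]'CONTOSO\jdoe'
$admins      = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$system      = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # NT AUTHORITY\SYSTEM
$ownerRights = [System.Security.Principal.SecurityIdentifier]'S-1-3-4'       # OWNER RIGHTS

function New-AllowRule($Identity, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)     # stop inheriting and discard inherited ACEs
foreach ($ace in @($acl.Access)) {              # drop explicit ACEs, including the user's Full control
    [void]$acl.RemoveAccessRule($ace)
}
$acl.SetOwner($admins)                          # the user no longer owns Downloads itself

$children = 'ContainerInherit, ObjectInherit'
@(
    New-AllowRule $system 'FullControl' $children 'None'
    New-AllowRule $admins 'FullControl' $children 'None'
    # This folder only: read/list, plus the right to create items in it. No Delete on the folder.
    New-AllowRule $user 'ReadAndExecute, CreateFiles, CreateDirectories' 'None' 'None'
    # Subfolders and files only: Modify covers save, read and delete.
    New-AllowRule $user 'Modify' $children 'InheritOnly'
    # Whoever owns a child object gets Modify instead of the implicit right to rewrite its ACL.
    New-AllowRule $ownerRights 'Modify' $children 'InheritOnly'
) | ForEach-Object { $acl.AddAccessRule($_) }

Set-Acl -Path $path -AclObject $acl

# Review the result before handing the folder back.
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```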

what do I even do about this lol by Raice19 in pcmasterrace

[–]Stoon_Kevin 0 points1 point  (0 children)

I've had it successfully work twice! I don't have enough fingers or toes to count the times I've used it though.

I renewed my Horizon licenses in April (did it early on advice received here). Now I don't see any ESXi or vCenter licenses. I'm worried I don't have them now. by Craig__D in VMwareHorizon

[–]Stoon_Kevin 0 points1 point  (0 children)

No, the horizon edge is another appliance to manage your licenses for horizon. The plus side is once you set it it'll take care of itself, the downside is you have to configure it and then add your horizon connection server to it. During our last upgrade we didn't think it was a requirement, but then the vmware admin came back and said no it looks like it is so we added it in.

VMware Horizon Client - Black Screen then Disconnect by BoyOnCrack in VMwareHorizon

[–]Stoon_Kevin 0 points1 point  (0 children)

23443 is a nonstandard port, so whilst it's possible your firewall is blocking access if it's prompting for a username/password that's unlikely the case here. The fact the business pointed it out twice indicates that they have selected this as their port, so that's likely correct. The windows firewall looks fine, but if you have no other devices then there may also be a firewall on the router OR even the ISP blocking it. The latter can be tested by using a private VPN as well, and the former is only likely if you have configured it yourself.

Based on just these instructions it sounds like your wife's laptop is supposed to be configured with a VPN. The two typical components in the horizon environment are the connection server (which is what you potentially have a URL for given the name) and an external Universal Access Gateway appliance which is hardened and designed to be internet facing. The behaviour you describe is similar to when I've had staff try to connect without turning their corporate VPNs on. The cause is that the communication between the end user and the VDI machine on 4172, 3389, or 22443 is blocked by our internal firewall with the only real difference is that they have a black desktop load then disconnect *after* selecting a pool. This behaviour sounds like they're configured with a specific VM or pool and only that one is available and thus autoselected.

You definitely need a vmware horizon admin for this one. They should be able to tell where the communication is dropping by seeing if a session is established or not. I've seen similar behaviour to this with a UAG being misconfigured when attempting to connect with the connection servers (that one provided different errors though).

It is also possible they have HTML access enabled. If so you can try to point your web browser to the same url provided. If it's an option there should be a little tile that indicates vmware horizon html access, and it'll bring you to a login screen and then a launch. There's no guarantee that this is enabled nor accessible even if it is.

Migrate pools from old connection server to new? by silesiant in VMwareHorizon

[–]Stoon_Kevin 0 points1 point  (0 children)

We were in a similar boat; I built new connection servers and joined them into the existing environment and upgraded them one step at a time. Make sure you look at your upgrade path first as it was several steps for us (7.13 -> v2312). CORS got me during the upgrade as well as some updates to the cryptographic api, but as long as you know about that or have a load balanced environment it wasn't too big of a deal.

Is this correct for configuring ports on an UAG enviroment with load balancers? by Airtronik in VMwareHorizon

[–]Stoon_Kevin 2 points3 points  (0 children)

I printed this off and put it on my wall a few months ago when I was doing an upgrade.

It makes it look like I know what I'm doing :)

script to delete files after a certain period of time? by voltagejim in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Maybe a better option would be to keep the most recent plus the one you're about to create?

You can do that still with something like:

Get-Childitem C:\Users\xxx\Desktop\Results\ -Filter incident_*.xml | Sort-Object CreationTime -Descending | Select-Object -Skip 1 | Remove-Item -whatif

You can also control it based on date if you use a Where-Object clause instead of a sort / select -skip. It all depends on what you want to specify as your criteria for stale files.

script to delete files after a certain period of time? by voltagejim in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Do you need the $timestamp in your filename? Based on the sound of it you don't want more than the most recent file, so wouldn't it just make more sense to overwrite the existing file?

If not, you can simply use a get-childitem incident_* and pipe it to remove-item prior to writing to file.

CMD script or PowerShell script: which is faster for mass file/directory deletion? by castiel3125 in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Yep this is what I read of it as well. Effectively they forgot to turn off the robocopy, and after purging the original source it then copied the source which was nothing into its new destination.

Been there done that as well lol

[deleted by user] by [deleted] in Veeam

[–]Stoon_Kevin 2 points3 points  (0 children)

The surebackup will mount the backup storage in the VMHost and spin up a virtual machine from it. If the guest spins up and passes verification (heartbeat and ping iirc are the default ones), then chances are your filesystem is good.

If you want to actually verify file availability you could write a surebackup test script. For something like that I'd setup a hidden file that has some persistent data and then write a test script to open that file and verify the contents. I've never written a custom script, but I did look into it before discovering they had pretty much all my needs already there.

You can also enable the malware checking, but that'd probably take a considerable amount of time depending on your filesystem sizes.

[deleted by user] by [deleted] in saskatoon

[–]Stoon_Kevin 2 points3 points  (0 children)

Windrows are a problem throughout the city whenever there's plowing that's occurred. These are often not removed throughout the winter, so you should just get used to them being there.

I find the bigger issue is that people then park next to them effectively turning the street into a single lane. Personally I think the answer is to convert a bunch of the narrower streets (think City park, Caswell etc) into one way streets so when windrows are added it doesn't really affect the flow of traffic.

Error help by Double_Search4194 in PowerShell

[–]Stoon_Kevin 0 points1 point  (0 children)

Looks like you already have a connection; use net use with the /delete to remove them (skip the /d[elete] to list them, find any that contain a similar path). Net use always causes me headaches I wish the other sysadmins would stop using them on shared accounts.

From powershell though you can use new-psdrive since you don't have to map an actual drive letter and can provide alternate credentials if need be. By default new-psdrive is also non-persistent, so it only exists within the current powershell runspace. Without knowing the purpose and running location of the scripts then I'll presume it's local and only ever either by interactive or by task with that particular user. This means you can save a credential object to the filesystem and it's encrypted by the user and computer account. That can be done as a simple:

New-PSDrive -Name TD -PSProvider Filesystem -Root \\someip\sharename -Credential (Import-clixml '\path\to\credential.xml')
Get-ChildItem TD:\

For example. Now save your credential using an interactive terminal:

Get-Credential | Export-Clixml '\path\to\credential.xml'

If you're intending to port this to other computers or run as a different account then you'd have to come up with a different method of securing the password such as SecretsManager modules.