Optimizing PowerCLI execution
For a 32-bit machine:
REM Pre-compile the three PowerCLI VimService XmlSerializers assemblies with the
REM 32-bit CLR 2.0 ngen so they are not JIT-compiled on every cmdlet load.
REM ngen install writes to the native image cache and needs an elevated prompt.
pushd C:\Windows\Microsoft.NET\Framework\v2.0.50727
ngen.exe install "VimService41.XmlSerializers, Version=4.1.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"
ngen.exe install "VimService40.XmlSerializers, Version=4.0.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"
ngen.exe install "VimService25.XmlSerializers, Version=2.5.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"
popd
For a 64-bit machine:
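REM 64-bit CLR 2.0: same three serializer assemblies, compiled with the Framework64 ngen.
REM ngen install writes to the native image cache and needs an elevated prompt.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe install "VimService41.XmlSerializers, Version=4.1.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe install "VimService40.XmlSerializers, Version=4.0.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"
REM The closing quote was missing on this line; without it the strong name is truncated
REM and ngen would most likely fail to resolve the assembly.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe install "VimService25.XmlSerializers, Version=2.5.0.0, Culture=neutral, PublicKeyToken=10980b081e887e9f"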
get-netstat
Add-Type -TypeDefinition @"
using System;
using System.Net;
using System.Runtime.InteropServices;
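public class NetworkUtil
{
    // Address family for both table queries: AF_INET (IPv4 only). IPv6 sockets
    // (AF_INET6 = 23) are not enumerated by this helper.
    private const int AF_INET = 2;

    // Win32 table queries (iphlpapi). Both follow the two-call protocol: with a
    // null buffer the call only stores the required size in dwOutBufLen and
    // fails; the second call with a buffer of that size fills the table.
    [DllImport("iphlpapi.dll", SetLastError = true)]
    static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen, bool sort, int ipVersion, TCP_TABLE_CLASS tblClass, int reserved);

    [DllImport("iphlpapi.dll", SetLastError = true)]
    static extern uint GetExtendedUdpTable(IntPtr pUdpTable, ref int dwOutBufLen, bool sort, int ipVersion, UDP_TABLE_CLASS tblClass, int reserved);

    // One row of MIB_TCPTABLE_OWNER_PID. Addresses and ports are stored in
    // network byte order; the port occupies the low 16 bits of the uint.
    [StructLayout(LayoutKind.Sequential)]
    public struct MIB_TCPROW_OWNER_PID
    {
        public uint dwState;
        public uint dwLocalAddr;
        public uint dwLocalPort;
        public uint dwRemoteAddr;
        public uint dwRemotePort;
        public uint dwOwningPid;
    }

    // One row of MIB_UDPTABLE_OWNER_PID; UDP rows carry no peer and no state.
    [StructLayout(LayoutKind.Sequential)]
    public struct MIB_UDPROW_OWNER_PID
    {
        public uint dwLocalAddr;
        public uint dwLocalPort;
        public uint dwOwningPid;
    }

    // Table header: dwNumEntries followed by that many rows. Only the first row
    // is declared here; the Read*Rows helpers walk the rest by pointer arithmetic.
    [StructLayout(LayoutKind.Sequential)]
    public struct MIB_TCPTABLE_OWNER_PID
    {
        public uint dwNumEntries;
        MIB_TCPROW_OWNER_PID table;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct MIB_UDPTABLE_OWNER_PID
    {
        public uint dwNumEntries;
        MIB_UDPROW_OWNER_PID table;
    }

    // Values of the Win32 TCP_TABLE_CLASS enumeration, in declaration order.
    enum TCP_TABLE_CLASS
    {
        TCP_TABLE_BASIC_LISTENER,
        TCP_TABLE_BASIC_CONNECTIONS,
        TCP_TABLE_BASIC_ALL,
        TCP_TABLE_OWNER_PID_LISTENER,
        TCP_TABLE_OWNER_PID_CONNECTIONS,
        TCP_TABLE_OWNER_PID_ALL,
        TCP_TABLE_OWNER_MODULE_LISTENER,
        TCP_TABLE_OWNER_MODULE_CONNECTIONS,
        TCP_TABLE_OWNER_MODULE_ALL
    }

    // Values of the Win32 UDP_TABLE_CLASS enumeration, in declaration order.
    enum UDP_TABLE_CLASS
    {
        UDP_TABLE_BASIC,
        UDP_TABLE_OWNER_PID,
        UDP_OWNER_MODULE
    }

    // The table stores ports in network byte order in the low 16 bits of a uint.
    // On a little-endian host the first two bytes of that uint are therefore the
    // high and the low byte of the port.
    private static int PortFromNetworkOrder(uint dwPort)
    {
        byte[] bytes = BitConverter.GetBytes(dwPort);
        return (bytes[0] * 256) + bytes[1];
    }

    // Maps MIB_TCP_STATE values (1..12) to the display names used by Get-NetStat;
    // any other value is reported as UNKNOWN.
    private static string TcpStateName(uint dwState)
    {
        switch (dwState)
        {
            case 1: return "Closed";
            case 2: return "LISTENING";
            case 3: return "SYN SENT";
            case 4: return "SYN RECEIVED";
            case 5: return "ESTABLISHED";
            case 6: return "FINISHED 1"; // FIN_WAIT1; was misspelled "FINSIHED 1"
            case 7: return "FINISHED 2"; // FIN_WAIT2
            case 8: return "CLOSE WAIT";
            case 9: return "CLOSING";
            case 10: return "LAST ACKNOWLEDGE";
            case 11: return "TIME WAIT";
            case 12: return "DELETE TCB";
            default: return "UNKNOWN";
        }
    }

    // Copies the rows that follow the 4-byte dwNumEntries header out of a filled
    // TCP table buffer.
    private static MIB_TCPROW_OWNER_PID[] ReadTcpRows(IntPtr buffTable)
    {
        MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID));
        MIB_TCPROW_OWNER_PID[] rows = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries];
        IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries));
        int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
        for (int i = 0; i < rows.Length; i++)
        {
            rows[i] = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID));
            rowPtr = (IntPtr)((long)rowPtr + rowSize);
        }
        return rows;
    }

    // Same as ReadTcpRows for a filled UDP table buffer.
    private static MIB_UDPROW_OWNER_PID[] ReadUdpRows(IntPtr buffTable)
    {
        MIB_UDPTABLE_OWNER_PID tab = (MIB_UDPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_UDPTABLE_OWNER_PID));
        MIB_UDPROW_OWNER_PID[] rows = new MIB_UDPROW_OWNER_PID[tab.dwNumEntries];
        IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries));
        int rowSize = Marshal.SizeOf(typeof(MIB_UDPROW_OWNER_PID));
        for (int i = 0; i < rows.Length; i++)
        {
            rows[i] = (MIB_UDPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_UDPROW_OWNER_PID));
            rowPtr = (IntPtr)((long)rowPtr + rowSize);
        }
        return rows;
    }

    /// <summary>
    /// Enumerates every IPv4 TCP endpoint (listening and connected) on this host
    /// together with the owning process id.
    /// </summary>
    /// <returns>
    /// One Connection per table row, or an empty array when the second
    /// GetExtendedTcpTable call fails. The Win32 error code is not surfaced.
    /// </returns>
    public static Connection[] GetTCP()
    {
        int buffSize = 0;
        // Size probe: with a null buffer the call only reports the required length.
        GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buffTable = Marshal.AllocHGlobal(buffSize);
        MIB_TCPROW_OWNER_PID[] rows;
        try
        {
            uint ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0);
            if (ret != 0)
            {
                // Best-effort, as before: a failure (for example the table growing
                // between the two calls) yields no rows rather than an exception.
                return new Connection[0];
            }
            rows = ReadTcpRows(buffTable);
        }
        finally
        {
            Marshal.FreeHGlobal(buffTable);
        }

        Connection[] cons = new Connection[rows.Length];
        for (int i = 0; i < rows.Length; i++)
        {
            // Addresses are in network byte order, which is the byte sequence
            // IPAddress(byte[]) expects.
            IPAddress localip = new IPAddress(BitConverter.GetBytes(rows[i].dwLocalAddr));
            IPAddress remoteip = new IPAddress(BitConverter.GetBytes(rows[i].dwRemoteAddr));
            cons[i] = new Connection(localip, PortFromNetworkOrder(rows[i].dwLocalPort), remoteip, PortFromNetworkOrder(rows[i].dwRemotePort), (int)rows[i].dwOwningPid, TcpStateName(rows[i].dwState));
        }
        return cons;
    }

    /// <summary>
    /// Enumerates every IPv4 UDP endpoint on this host together with the owning
    /// process id.
    /// </summary>
    /// <returns>
    /// One Connection per table row, or an empty array when the second
    /// GetExtendedUdpTable call fails. The Win32 error code is not surfaced.
    /// </returns>
    public static Connection[] GetUDP()
    {
        int buffSize = 0;
        // Size probe: with a null buffer the call only reports the required length.
        GetExtendedUdpTable(IntPtr.Zero, ref buffSize, true, AF_INET, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0);
        IntPtr buffTable = Marshal.AllocHGlobal(buffSize);
        MIB_UDPROW_OWNER_PID[] rows;
        try
        {
            uint ret = GetExtendedUdpTable(buffTable, ref buffSize, true, AF_INET, UDP_TABLE_CLASS.UDP_TABLE_OWNER_PID, 0);
            if (ret != 0)
            {
                // Best-effort, as before: no rows rather than an exception.
                return new Connection[0];
            }
            rows = ReadUdpRows(buffTable);
        }
        finally
        {
            Marshal.FreeHGlobal(buffTable);
        }

        Connection[] cons = new Connection[rows.Length];
        for (int i = 0; i < rows.Length; i++)
        {
            IPAddress localip = new IPAddress(BitConverter.GetBytes(rows[i].dwLocalAddr));
            cons[i] = new Connection(localip, PortFromNetworkOrder(rows[i].dwLocalPort), (int)rows[i].dwOwningPid);
        }
        return cons;
    }
}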
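public class Connection
{
    private readonly IPAddress _localip;
    private readonly IPAddress _remoteip;   // null for UDP entries, which have no peer
    private readonly int _localport;
    private readonly int _remoteport;       // 0 for UDP entries
    private readonly int _pid;
    private readonly string _state;         // null for UDP entries
    private readonly string _proto;         // "TCP" or "UDP", fixed by the constructor used
    private string _remotehost;             // cache for RemoteHostName, filled on first access

    /// <summary>Describes one TCP endpoint taken from the TCP owner-PID table.</summary>
    public Connection(IPAddress Local, int LocalPort, IPAddress Remote, int RemotePort, int PID, string State)
    {
        _proto = "TCP";
        _localip = Local;
        _remoteip = Remote;
        _localport = LocalPort;
        _remoteport = RemotePort;
        _pid = PID;
        _state = State;
    }

    /// <summary>
    /// Describes one UDP endpoint. UDP has no peer, so RemoteIP and State stay
    /// null and RemotePort stays 0.
    /// </summary>
    public Connection(IPAddress Local, int LocalPort, int PID)
    {
        _proto = "UDP";
        _localip = Local;
        _localport = LocalPort;
        _pid = PID;
    }

    public IPAddress LocalIP { get { return _localip; } }
    public IPAddress RemoteIP { get { return _remoteip; } }
    public int LocalPort { get { return _localport; } }
    public int RemotePort { get { return _remoteport; } }
    public int PID { get { return _pid; } }
    public string State { get { return _state; } }
    public string Protocol { get { return _proto; } }

    /// <summary>
    /// Reverse-DNS name of the remote address, resolved once on first access and
    /// cached. Null for UDP entries, which have no remote address (the original
    /// threw ArgumentNullException from Dns.GetHostEntry(null) here).
    /// Resolution is a blocking network call and emits one DNS query per distinct
    /// peer; it throws when the lookup fails (SocketException) and Dns.GetHostEntry
    /// rejects the unspecified address 0.0.0.0 that listening sockets report.
    /// </summary>
    public string RemoteHostName
    {
        get
        {
            if (_remoteip == null)
            {
                return null;
            }
            if (_remotehost == null)
            {
                _remotehost = Dns.GetHostEntry(_remoteip).HostName;
            }
            return _remotehost;
        }
    }

    /// <summary>
    /// Name of the owning process, looked up on every access. The table is a
    /// snapshot, so this throws ArgumentException if the process has exited since.
    /// </summary>
    public string PIDName
    {
        get { return System.Diagnostics.Process.GetProcessById(_pid).ProcessName; }
    }
}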
"@
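function Get-NetStat
{
    <#
    .SYNOPSIS
    Lists IPv4 TCP and/or UDP endpoints with their owning process id, using the
    NetworkUtil type compiled by the Add-Type call above.
    .PARAMETER TCPonly
    Return only TCP entries.
    .PARAMETER UDPonly
    Return only UDP entries. With both switches set nothing is returned.
    #>
    PARAM([switch]$TCPonly, [switch]$UDPonly)
    # Start from empty arrays: previously the skipped protocol's variable was never
    # assigned, so "array + $null" could append a $null element to the output and
    # Set-StrictMode would reject the unassigned variable.
    $tcp = @()
    $udp = @()
    if (!$UDPonly) { $tcp = @([NetworkUtil]::GetTCP()) }
    if (!$TCPonly) { $udp = @([NetworkUtil]::GetUDP()) }
    return $tcp + $udp
}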
# Print the combined TCP/UDP list as a table sized to its content.
Get-NetStat | Format-Table -AutoSize
Check Server hard disk space
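Clear-Host
# Print a volume in red when its free space (in percent) is below this threshold.
$percentWarning = 40;
# Get server list: every Exchange Hub Transport or Mailbox server.
$servers = Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true}
#Get-QADComputer -OSName "Windows Server*" | Select-Object -expand name
#Get-Content "$Env:USERPROFILE\serverlist.txt";
$datetime = Get-Date -Format "yyyyMMddHHmmss";
# Add headers to log file
#Add-Content "$Env:USERPROFILE\server disks $datetime.txt" "server,deviceID,size,freespace,percentFree";
# Force an array: a pipeline that yields exactly one server returns a bare object,
# whose .Length is $null and would make the progress arithmetic divide by zero.
$servers = @($servers);
# How many servers
$server_count = $servers.Count;
# processed server count
$i = 0;
foreach ($server in $servers) {
    $server_progress = [int][Math]::Ceiling((($i / $server_count) * 100));
    # Parent progress bar
    Write-Progress -Activity "Checking $server" -PercentComplete $server_progress -Status "Processing servers - $server_progress%" -Id 1;
    Sleep(1); # Sleeping just for progress bar demo
    # Get fixed drive info (DriveType 3 = local fixed disk) over remote WMI with the
    # caller's credentials; @() again guards the single-disk case.
    $disks = @(Get-WmiObject -ComputerName $server -Class Win32_LogicalDisk -Filter "DriveType = 3");
    # How many disks are there?
    $disk_count = $disks.Count;
    $x = 0;
    foreach ($disk in $disks) {
        $disk_progress = [int][Math]::Ceiling((($x / $disk_count) * 100));
        $disk_name = $disk.Name;
        $volumename = $disk.VolumeName;
        Write-Progress -Activity "Checking disk $disk_name" -PercentComplete $disk_progress -Status "Processing server disks - $disk_progress%" -Id 2;
        Sleep(1);
        $deviceID = $disk.DeviceID;
        # [double], not [float]: a float keeps only ~7 significant digits, too few for
        # byte counts of multi-terabyte volumes.
        [double]$size = $disk.Size;
        [double]$freespace = $disk.FreeSpace;
        # A volume with no usable size (unformatted / unreadable) must not divide by zero.
        if ($size -gt 0) {
            $percentFree = [Math]::Round(($freespace / $size) * 100, 2);
        } else {
            $percentFree = 0;
        }
        $sizeGB = [Math]::Round($size / 1GB, 2);
        $freeSpaceGB = [Math]::Round($freespace / 1GB, 2);
        $usedGB = $sizeGB - $freeSpaceGB;
        $colour = "Green";
        if ($percentFree -lt $percentWarning) {
            $colour = "Red";
        }
        # VolumeName is $null (not "") for unlabelled volumes, so test both.
        if ([string]::IsNullOrEmpty($volumename)) {
            $volumename = "*";
        }
        Write-Host -ForegroundColor $colour "$server $deviceID - disk size - $volumename ($sizeGB GB), used space ($usedGB GB), free space ($freeSpaceGB GB), percentage free space = $percentFree %";
        #Add-Content "$Env:USERPROFILE\server disks $datetime.txt" "$server,$deviceID,$sizeGB,$freeSpaceGB,$percentFree";
        $x++;
    }
    # Finish off the progress bar
    Write-Progress -Activity "Finished checking disks for this server" -PercentComplete 100 -Status "Done - 100%" -Id 2;
    Sleep(1); # Just so we see!
    $i++;
    Write-Host "";
}
Write-Progress -Activity "Checked all servers" -PercentComplete 100 -Status "Done - 100%" -Id 1;
Sleep(1);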
DOS commands for security auditing
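REM Collects host configuration evidence into \\FileServer\Directory\<COMPUTERNAME>\Evidence_*.txt.
REM The caller needs write access to the share and WMI/registry read rights; the
REM "/domain" queries need a reachable domain controller.
REM The evidence includes sensitive data (admin group membership, SNMP community
REM strings), so the share's ACL should be restricted to the auditors.
REM cmd.exe does not treat typographic quotes as quotes; every filter below uses plain ASCII ".
pushd \\FileServer\Directory\
md %computername%
cd %computername%
ver > Evidence_Basic.txt
wmic computersystem get Domain, Name >> Evidence_Basic.txt
wmic service where state="Running" get DisplayName, Caption > Evidence_Running.txt
REM findstr matches any of the space-separated words (LISTEN* or UDP rows), minus loopback.
netstat -an | findstr /I "listen udp" | find /V "127.0.0.1" > Evidence_netstat.txt
wmic startup list brief > Evidence_Start.txt
wmic share list brief > Evidence_Share.txt
REM Enabled accounts only. On a domain member this also enumerates domain accounts
REM and can be slow; add "LocalAccount=TRUE and" to the where clause to limit it.
wmic useraccount where Disabled=FALSE get Description, Name, PasswordExpires, PasswordRequired > Evidence_Useracc_Dis.txt
wmic logicaldisk get VolumeName, Caption, FileSystem > Evidence_logicaldisk.txt
ipconfig | findstr /C:"IP Address" >> Evidence_basic.txt
REM /C: makes the brace a literal search string ("{*}" was a regex that only needed a "}").
wmic nicconfig get Description, IpAddress | findstr /C:"{" | findstr /V "0.0.0.0" > Evidence_nicconfig.txt
wmic qfe get HotFixID, InstalledOn | find /V "File" > Evidence_Hotfix.txt
wmic desktop get Name, ScreenSaverActive, ScreenSaverSecure, ScreenSaverTimeout > Evidence_Screensaver.txt
net accounts > Evidence_accounts.txt
net accounts /domain > Evidence_accountsD.txt
net localgroup administrators /domain > Evidence_localgroup_admin.txt
net group "domain admins" /domain > Evidence_group_DA.txt
REM "find" is case-sensitive by default and the value is stored as LmCompatibilityLevel,
REM so without /I the first query produced an empty evidence file.
reg query HKLM\SYSTEM\CurrentControlSet\Control\LSA | find /I "lmcompatibilitylevel" > Evidence_reg_query_LM.txt
reg query HKLM\SYSTEM\CurrentControlSet\Control\LSA | find /I "NoLMHash" > Evidence_reg_query_NoLM.txt
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\rdp-tcp" | findstr /I "minencryptionlevel" > Evidence_reg_query_mine.txt
wmic service where name="EventLog" get Name, SystemName, StartMode, Status > Evidence_service_event.txt
net time /querysntp >> Evidence_basic.txt
REM Community strings are credentials; this file must stay inside the restricted share.
reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities > Evidence_reg_query_ValidCommunities.txt
wmic service where name="SharedAccess" get DisplayName, Started, StartMode, State > Evidence_service_shared.txt
REM "netsh firewall" is the legacy (pre-Vista) context; on newer systems use "netsh advfirewall show allprofiles".
netsh firewall show opmode | findstr "profile mode" > Evidence_firewall_mode.txt
netsh firewall show state verbose=enable | findstr "Group Policy" > Evidence_fw_state.txt
popd
REM Self-delete: a detached cmd waits about 5 s (ping) and then removes this script file.
REM Keep a copy elsewhere if the audit must show which script produced the evidence.
start "" cmd /c ping -n 5 127.0.0.1 ^& del "%~0"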
Get-RemoteDiskUsageStatus
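Clear-Host
# Print a volume in red when its free space (in percent) is below this threshold.
$percentWarning = 40;
# Get server list: every Exchange Hub Transport or Mailbox server.
$servers = Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true}
#Get-QADComputer -OSName "Windows Server*" | Select-Object -expand name
#Get-Content "$Env:USERPROFILE\serverlist.txt";
$datetime = Get-Date -Format "yyyyMMddHHmmss";
# Add headers to log file
#Add-Content "$Env:USERPROFILE\server disks $datetime.txt" "server,deviceID,size,freespace,percentFree";
# Force an array: a pipeline that yields exactly one server returns a bare object,
# whose .Length is $null and would make the progress arithmetic divide by zero.
$servers = @($servers);
# How many servers
$server_count = $servers.Count;
# processed server count
$i = 0;
foreach ($server in $servers) {
    $server_progress = [int][Math]::Ceiling((($i / $server_count) * 100));
    # Parent progress bar
    Write-Progress -Activity "Checking $server" -PercentComplete $server_progress -Status "Processing servers - $server_progress%" -Id 1;
    Sleep(1); # Sleeping just for progress bar demo
    # Get fixed drive info (DriveType 3 = local fixed disk) over remote WMI with the
    # caller's credentials; @() again guards the single-disk case.
    $disks = @(Get-WmiObject -ComputerName $server -Class Win32_LogicalDisk -Filter "DriveType = 3");
    # How many disks are there?
    $disk_count = $disks.Count;
    $x = 0;
    foreach ($disk in $disks) {
        $disk_progress = [int][Math]::Ceiling((($x / $disk_count) * 100));
        $disk_name = $disk.Name;
        $volumename = $disk.VolumeName;
        Write-Progress -Activity "Checking disk $disk_name" -PercentComplete $disk_progress -Status "Processing server disks - $disk_progress%" -Id 2;
        Sleep(1);
        $deviceID = $disk.DeviceID;
        # [double], not [float]: a float keeps only ~7 significant digits, too few for
        # byte counts of multi-terabyte volumes.
        [double]$size = $disk.Size;
        [double]$freespace = $disk.FreeSpace;
        # A volume with no usable size (unformatted / unreadable) must not divide by zero.
        if ($size -gt 0) {
            $percentFree = [Math]::Round(($freespace / $size) * 100, 2);
        } else {
            $percentFree = 0;
        }
        $sizeGB = [Math]::Round($size / 1GB, 2);
        $freeSpaceGB = [Math]::Round($freespace / 1GB, 2);
        $usedGB = $sizeGB - $freeSpaceGB;
        $colour = "Green";
        if ($percentFree -lt $percentWarning) {
            $colour = "Red";
        }
        # VolumeName is $null (not "") for unlabelled volumes, so test both.
        if ([string]::IsNullOrEmpty($volumename)) {
            $volumename = "*";
        }
        Write-Host -ForegroundColor $colour "$server $deviceID - disk size - $volumename ($sizeGB GB), used space ($usedGB GB), free space ($freeSpaceGB GB), percentage free space = $percentFree %";
        #Add-Content "$Env:USERPROFILE\server disks $datetime.txt" "$server,$deviceID,$sizeGB,$freeSpaceGB,$percentFree";
        $x++;
    }
    # Finish off the progress bar
    Write-Progress -Activity "Finished checking disks for this server" -PercentComplete 100 -Status "Done - 100%" -Id 2;
    Sleep(1); # Just so we see!
    $i++;
    Write-Host "";
}
Write-Progress -Activity "Checked all servers" -PercentComplete 100 -Status "Done - 100%" -Id 1;
Sleep(1);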

