Installing WSUS Prerequisites Easily in a Disconnected Server

at 4/27/2012 11:08:00 AM
Our company has an internet-isolated environment, and I was requested to create a WSUS infrastructure there.
The most annoying thing about installing a disconnected WSUS server is that you can't do it via the server manager (because it requires a working internet connection) but rather through an exe file, and that file won't install the prerequisites, just complain that some of them are missing (without informing you which ones), compared to the automatic prerequisite installation of the server manager.
Well, problem solved through the power of scripting!
The following line of code will install all of WSUS's windows-related components without actually installing WSUS through the "ServerManager" module:
ipmo ServerManager;
Get-WindowsFeature OOB-WSUS | select -exp DependsOn | Add-WindowsFeature
Labels: , , Links to this post
0 comments

Automaticlly Extracting Downloaded Torrents

at 4/14/2012 11:12:00 PM
As every average geek, I too download torrents (containing only legal, copyright-free material, of course), and most of the time the torrents contain multi-file archives that contain the really juicy data. A lot of times I return home, and find some new torrent has completed downloading, but I have to manually extract the file and wait for THAT to complete.
Well, wait no more!
Through µTorrent's "Run Program" setting (Options>Preferences>Advanced>Run Program), I can execute any command line application I want whenever a torrent completes. Of course, I use it to execute a PowerShell Script :-D
The actual line I put there is:
powershell.exe -executionPolicy RemoteSigned -file  "%D" "%T" "%N" "%L"
The extra tags at the end are used to pass data to the script - namely the torrent's incoming directory, primary tracker, title and primary label. I keep all of the parameters other than the directory for future use (for example, I may wish to send podcasts automatically into my Kindle-Mail some day).
The script itself only extracts rar files using the GREAT open-source archiver 7zip which has a command line interface, and it goes like this:
 param(
[string]$TorrentDir,
[string]$Tracker,
[string]$Title,
[string]$Label
)

"TorrentDir:`t $TorrentDir
Tracker:`t $Tracker
Title:`t`t $Title
Label:`t`t $Label"

# Extract if torrent is composed entirely of rar files into smaller subfolder:
# Check if directory has only rar
$rars = ls $TorrentDir | ?{$_.name -match '\.r(ar|[0-9]{2})$'}
$leadRar = ls $TorrentDir | ?{$_.name -match '\.rar$'}
$nonrars = ls $TorrentDir | ?{$_.name -notmatch '^(Sample(s?)|.+\.r(ar|[0-9]{2})|.+\.sfv|.+\.nfo|folder.jpg)$'}
if((!($nonrars)) -and $leadRar){
    # Directory is release directory
    echo "Extracting"
    $exDir = (mkdir (join-path ($TorrentDir) 'Extracted')).fullname
    $res = &'\Program Files\7-Zip\7z.exe' x "-o$($exDir)" "$($leadRar.fullname)" -y
    if($res | ?{$_ -match 'Everything is Ok'}) {echo "All Good"}
    else {Write-Error "Failed: $res";Read-Host "Press the any key to continue"}
}
else {echo 'nothing here'}
You can see that first it outputs all of the details acquired from µTorrent, checks if the incoming directory has only .rar files (and secondary files, such as ".r01"), ignoring sample directories, .nfo files etc. If so, it tells 7zip to extract the primary .rar file into a directory called "Extracted".
Hope it helps!
Labels: , , Links to this post
0 comments

Remotely Viewing Machine Certificates With Minimal Permissions

at 4/11/2012 11:56:00 AM
We've started remotely monitoring our certificate stores on critical servers, and wanted the monitoring software to be able to remotely connect to our servers' personal certificate stores.
I quickly found a script to enumerate all certificates in a specific store on a remote computer:
function Get-Cert( $computer=$env:computername ){
$ro=[System.Security.Cryptography.X509Certificates.OpenFlags]"ReadOnly"
$lm=[System.Security.Cryptography.X509Certificates.StoreLocation]"LocalMachine"
$store=new-object System.Security.Cryptography.X509Certificates.X509Store("\\$computer\root",$lm)
$store.Open($ro)
$store.Certificates
}
However, as long as the user was not an administrator, it got "access is denied" whenever it tried to open the store ("$store.Open").
Since I don't want the monitoring software to have local admin rights on our servers (BAD habit), I tried troubleshooting the problem. I found out that the script works locally for every user, so it must be some sort of a remoting issue.
After two hours of troubleshooting I found the problem - non-administrators, by default, can't execute remote queries against the registry, which is where certificates are stored by default (as told by ProcMon while querying locally).
So after granting the monitoring software remote registry permissions, according to kb314837, suddenly opening the remote store worked perfectly.
I could rage about it not being documented anywhere, but if everything was properly documented my work will be really boring... Have fun remote-querying!
Labels: , , , , Links to this post
0 comments
Subscribe to: Posts (Atom)