As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[SysAdmin] More like unItanium.

SeidkonaSeidkona Had an upgradeRegistered User regular
edited October 2017 in Moe's Stupid Technology Tavern
Below is a compilation of links we've found to be helpful for Sys Admins (capitalized because we're important, like a towel):

AntiVirus/AntiMalware Tools:
Networking Tools:
Miscellaneous Tools:
  • APC Power Estimator - estimates your power needs based on devices, which you can specify
  • Dependency Walker - scans modules and builds a hierarchical dependency tree
  • Greenshot -- Screenshot + utilies
  • HJSplit -- Split/Join files
  • Jing - Screenshot + utilities
  • Notepad++ -- Enhanced Notepad (e.g., color coding)
  • WinDirStat -- File space analysis
  • HTAccess Redirect Generator -- Generate Redirects
  • Hostsman Manage Multiple Hosts files from one utility.
  • PC Decrapifier inventories all the bloatware (HP/Dell Utilities, etc) on a PC based on user-driven feedback and recommendations and removes them sans-uninstallers. Great for cleaning useless shit off out-of-the-box PCs.
  • Recuva undelete software that restores deleted files, as well as files on damaged or freshly formatted drives. Paid corporate licensing but free for personal use wink wink nudge nudge.
  • NirSoft has utilities to do nearly anything you want to do from sniffing passwords out of FTP/HTTP/SMTP traffic on your network to editing Outlook NK2 Autocomplete files to retrieving your Windows/Office product key to a nice viewer for BSOD minidump files.
  • Screen Connect Free Use this to create a free tech support portal for yourself for personal use.
  • VM for learning Puppet
  • MobaXterm Super handy terminal program. Has local Cygwin shell and can spin up a lot of servers. Get it.

Printer Configuration tools:

0amLr1Ul.png

Ransomware/Cryptoware information sheet

Stress Relief Tools:

...more to come

last updated 5.25.2017

Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
Seidkona on
«13456799

Posts

  • bowenbowen How you doin'? Registered User regular
    how dare you

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SeidkonaSeidkona Had an upgrade Registered User regular
    Poweshell civil war can continue here.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • bowenbowen How you doin'? Registered User regular
    Aioua wrote: »
    bowen wrote: »
    also you totes can impersonate users in windows

    ...how?

    I mean I can change their password, then log in as them.

    I can't be like "Hey let me log in as DOMAIN\USER, here's my DOMAIN\SUPERUSER credential"

    there's apis for it

    no native powershell nonsense because get fucked powershell that's why

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    bowen wrote: »
    Aioua wrote: »
    bowen wrote: »
    also you totes can impersonate users in windows

    ...how?

    I mean I can change their password, then log in as them.

    I can't be like "Hey let me log in as DOMAIN\USER, here's my DOMAIN\SUPERUSER credential"

    there's apis for it

    no native powershell nonsense because get fucked powershell that's why

    wait what

    I was under the impression this was fundamentally incompatible with the NT security model

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • SeidkonaSeidkona Had an upgrade Registered User regular
    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowenbowen How you doin'? Registered User regular
    There's also 'runas' in cmd, not sure if powershell has such a wacky overpowered command that mimics it.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SeidkonaSeidkona Had an upgrade Registered User regular
    start powershell -credential ""

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • DelzhandDelzhand Hard to miss. Registered User regular
    oh cool, we fighting over whether powershell sucks again?

  • wunderbarwunderbar What Have I Done? Registered User regular
    Delzhand wrote: »
    oh cool, we fighting over whether powershell sucks again?

    becuase the install guide isn't clear, and they're arguing over which way to get the coupon app going, and they're doing this during on call hours, and a packet joke.


    Did I get them all?

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • DelzhandDelzhand Hard to miss. Registered User regular
    wunderbar wrote: »
    Delzhand wrote: »
    oh cool, we fighting over whether powershell sucks again?

    becuase the install guide isn't clear, and they're arguing over which way to get the coupon app going, and they're doing this during on call hours, and a packet joke.


    Did I get them all?

    HR is the owner's wife

    I've told you before that only users get that wrong

  • wunderbarwunderbar What Have I Done? Registered User regular
    Delzhand wrote: »
    wunderbar wrote: »
    Delzhand wrote: »
    oh cool, we fighting over whether powershell sucks again?

    becuase the install guide isn't clear, and they're arguing over which way to get the coupon app going, and they're doing this during on call hours, and a packet joke.


    Did I get them all?

    HR is the owner's wife

    I've told you before that only users get that wrong

    HR told me I can't bring up her marital status.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • bowenbowen How you doin'? Registered User regular
    edited May 2017
    Entaru wrote: »
    start powershell -credential ""

    that's starting powershell with those credentials though

    runas lets you actually run things as another user, ie, can be scripted

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    edited May 2017
    bowen wrote: »
    Entaru wrote: »
    start powershell -credential ""

    that's starting powershell with those credentials though

    runas lets you actually run things as another user, ie, can be scripted

    You can tag the credential parameter onto most cmdlets, it's pretty neat!

    and Start-Process with a -credential does what runas.exe does, basically

    or you could just call runas.exe inside powershell

    But that's not what I meant by impersonate. I meant using your credentials to authenticate and run something as another user (assuming you have the appropriate permissions over that user). Can't you do that in *nix?

    Aioua on
    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • CogCog What'd you expect? Registered User regular
    I am marking this thread with my pee.

  • SeidkonaSeidkona Had an upgrade Registered User regular
    Aioua wrote: »
    bowen wrote: »
    Entaru wrote: »
    start powershell -credential ""

    that's starting powershell with those credentials though

    runas lets you actually run things as another user, ie, can be scripted

    You can tag the credential parameter onto most cmdlets, it's pretty neat!

    and Start-Process with a -credential does what runas.exe does, basically

    or you could just call runas.exe inside powershell

    But that's not what I meant by impersonate. I meant using your credentials to authenticate and run something as another user (assuming you have the appropriate permissions over that user). Can't you do that in *nix?

    Oh. Yeah, I misunderstood.

    Yeah, you can do that in *nix.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • CogCog What'd you expect? Registered User regular
    Ransomware makes me really really angry for reasons I find it difficult to quantify.

  • RadiationRadiation Registered User regular
    Cog wrote: »
    I am marking this thread with my pee.

    Isn't that prime Jeeves duty?

    PSN: jfrofl
  • CogCog What'd you expect? Registered User regular
    Radiation wrote: »
    Cog wrote: »
    I am marking this thread with my pee.

    Isn't that prime Jeeves duty?

    Please, pissing is one of the few things I still have to do for myself around here.

  • wunderbarwunderbar What Have I Done? Registered User regular
    I'm using System Center Data Protection manager to recover a single SharePoint item for the first time in my life.

    Where's that desk whiskey?

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • SeidkonaSeidkona Had an upgrade Registered User regular
    Laptop I just upgraded for the presentation machine.

    It's dead. Fan error. What do you people do with these things? Throw them around?

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • CogCog What'd you expect? Registered User regular
    wunderbar wrote: »
    I'm using System Center Data Protection manager to recover a single SharePoint item for the first time in my life.

    Where's that desk whiskey?

    We actually have that here too.

  • CogCog What'd you expect? Registered User regular
    Entaru wrote: »
    Laptop I just upgraded for the presentation machine.

    It's dead. Fan error. What do you people do with these things? Throw them around?

    09.jpg

  • EchoEcho ski-bap ba-dapModerator mod
    So I was thinking of cobbling together some powershell whirlygig that creates a .bat file for launching stuff, since I frequently find myself installing "C:\Program Files\Foo\Bar.exe" and I don't want to shit my PATH up with yet another folder so I want a script that makes a batch file in a directory in the path that starts that for me.

  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    Echo wrote: »
    So I was thinking of cobbling together some powershell whirlygig that creates a .bat file for launching stuff, since I frequently find myself installing "C:\Program Files\Foo\Bar.exe" and I don't want to shit my PATH up with yet another folder so I want a script that makes a batch file in a directory in the path that starts that for me.

    I know I'm me and all, but powershell probably isn't necessary for this?

    Like if the batch file will go into c:\pathshortcuts\ and read
    echo off
    C:\Program Files\Foo\Bar.exe
    

    you'd still need to like, type "C:\Program Files\Foo\Bar.exe" into your script so it can make the bat
    the bulk of the work is typing out the path to the exe innit?

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • jaziekjaziek Bad at everything And mad about it.Registered User regular
    Nosf wrote: »

    I know our production network has a link into N3 (the NHS network), but I'm 99% sure that it's ACLed to only allow port 443, so it shouldn't be vulnerable to the SMB attack vector that this is reported to be using.

    I haven't received any calls yet, so I'm guessing we're safe.

    Steam ||| SC2 - Jaziek.377 on EU & NA. ||| Twitch Stream
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    8a
    to: manager
    hey I'm sending out a laptop for your new hire on monday, double checking should that just go to his home address like in the request?

    12p
    to: vowels
    no don't do that send it to the hotel where we'll be doing training

    1p
    to: manager
    ok where is it

    *crickets*

    well I guess this guy won't be getting his laptop on monday

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • bowenbowen How you doin'? Registered User regular
    I'd probably call him on his cell before I left for the day.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    bowen wrote: »
    I'd probably call him on his cell before I left for the day.

    I did

    about an hour before the shipping deadline

    which we are now past

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • LD50LD50 Registered User regular
    Echo wrote: »
    So I was thinking of cobbling together some powershell whirlygig that creates a .bat file for launching stuff, since I frequently find myself installing "C:\Program Files\Foo\Bar.exe" and I don't want to shit my PATH up with yet another folder so I want a script that makes a batch file in a directory in the path that starts that for me.

    Friend of mine once made a whirlygig that added a context menu option 'add to path' that created symlinks in an already-in-path directory.

  • DonnictonDonnicton Registered User regular
    edited May 2017
    Nosf wrote: »

    Just FYI







    Turns out the current wave of WannaCrypt was stopped by its own shitty coding. This doesn't save those already victimized but it does stop further spread of this version of the malware. This doesn't mean the author can't release an updated version so obviously make sure your shit is patched.

    Microsoft has put up an article listing hardening steps and windows updates you can follow to help prevent infection, including taking the rather significant step of providing support for Windows XP and Server 2003. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/



    As an amusing aside,

    Donnicton on
  • RandomHajileRandomHajile Not actually a Snatcher The New KremlinRegistered User regular
    WHY WOULD ANYONE HAVE SMB OPEN TO THE INTERNET?!?!?

  • RandomHajileRandomHajile Not actually a Snatcher The New KremlinRegistered User regular
    edited May 2017
    With that being said, it does scare me that one of these could be delivered via an email CryptoLocker infection and then propagated via a 0-day internally.

    RandomHajile on
  • wunderbarwunderbar What Have I Done? Registered User regular
    edited May 2017
    People are pointing out that the domain register URL thing for WannaCry was likely a poor attempt at stopping reverse engeineering of the malware. It seems the intention was to have it set up so if it was running in a sandboxed enviornment (i.e. a VM with no network access) then the actual crypto part of the malware package would not execute, making it harder to reverse engineer. It was just written poorly/almost backwards.

    That being said, this accidental fix doesn't rid the malware from your system. The WannaCry worm still infects machines, it just can't deploy the destructive part of the malware in this current form. There's nothing stopping a copycat worm from doing the same thing with "better" code, so patch your shit.

    Interstingly, this is deemed so bad, that Microsoft actually patched Windows XP, Windows Server 2003, and Windows 8.0. All 3 of those are out of support, for 3 years in the case of XP.

    For me personally, all of my workstations are patched, my servers..... are getting patched Tuesday (when the medial staff, tractor beam, and photon torpedoes arrive). I have to schedule my downtime for patching servers 3 weeks ahead of time, and once I do, just because of the processes in place, I can't really change them. So I've been planning on doing patches for 3 weeks. Thank god it's not like, 2 more weeks away. I would have found a way to do it sooner if that were the case. But with our workstations all patched and no SMB exposure to the internet, and especially now with this strain of WannaCry being rendered basically inert, I'm only slightly worried, not omgbbq terrified.

    wunderbar on
    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    All of our client computers were taken offline and shut down until we could roll the patches offline. I'm an in-home dude, and we were told we could not connect our computers to client networks. Hotspot only.

    Working in the most rural parts of Vermont. That was fun!

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • GdiguyGdiguy San Diego, CARegistered User regular
    wunderbar wrote: »
    For me personally, all of my workstations are patched, my servers..... are getting patched Tuesday (when the medial staff, tractor beam, and photon torpedoes arrive). I have to schedule my downtime for patching servers 3 weeks ahead of time, and once I do, just because of the processes in place, I can't really change them. So I've been planning on doing patches for 3 weeks. Thank god it's not like, 2 more weeks away. I would have found a way to do it sooner if that were the case. But with our workstations all patched and no SMB exposure to the internet, and especially now with this strain of WannaCry being rendered basically inert, I'm only slightly worried, not omgbbq terrified.

    FYI, the version without that killswitch is already running around in the wild, so while it's a funny story I wouldn't hold onto that as much comfort

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited May 2017
    I'm an aggressive patcher. When I started at my company we had no official policy for patching, and it was done more or less when an engineer got around to it (about once every 2 months).

    I set our patching policies and we now aim for 100% installation within 14 days for any updates to any Microsoft or Adobe product, any web browser, and Java. We don't always make it, but we get close.

    We were fully patched against ETERNALABLOO a month ago...

    ...except for that one fucking 2003 VM that we still have because that team is slowpokes

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • EchoEcho ski-bap ba-dapModerator mod
    LD50 wrote: »
    Echo wrote: »
    So I was thinking of cobbling together some powershell whirlygig that creates a .bat file for launching stuff, since I frequently find myself installing "C:\Program Files\Foo\Bar.exe" and I don't want to shit my PATH up with yet another folder so I want a script that makes a batch file in a directory in the path that starts that for me.

    Friend of mine once made a whirlygig that added a context menu option 'add to path' that created symlinks in an already-in-path directory.

    Yeah, what I want is essentially a command that lets me go "pathinate ./foo.exe". (But have it run from the actual directory, of course.)

  • EchoEcho ski-bap ba-dapModerator mod
    sag0c3htoa7u.jpg

This discussion has been closed.