
[Sysadmin] Nightmare fuel


Posts

  • XaviarXaviar Registered User regular
    Cog wrote: »
    Aioua wrote: »
    Cog wrote: »
    Aioua lighting the batsignal for vowels, help me figure out how to put function get-logonserver{ into that script so I can return both last logon time and, if they're currently logged in, which DC authenticated them.

    @Cog
    heh, that script already finds it for you it just doesn't do anything with it. Needs better variable names!
    Here:
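    Import-Module ActiveDirectory
    
    $userName = Read-Host -Prompt 'Input the user name'
    # lastLogon is not replicated between DCs, so every domain controller has to be asked
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $mostRecentLogon = 0
    $mostRecentDc = ""
    
    foreach($dc in $dcs)
    {
         $currentDc = $dc.HostName
         # -Server targets this DC; without it every pass queries the same default DC
         $userObj = Get-ADUser $userName -Server $currentDc | Get-ADObject -Server $currentDc -Properties lastLogon
         if($userObj.LastLogon -gt $mostRecentLogon)
         {
             # Keep the newest value seen so far and the DC that reported it
             $mostRecentLogon = $userObj.LastLogon
             $mostRecentDc = $currentDc
         }
    }
    
    # lastLogon is a Windows FILETIME value; convert it to a readable local time
    $dt = [DateTime]::FromFileTime($mostRecentLogon)
    Write-Host "$userName last logged on at: $dt from DC: $mostRecentDc"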
    


    e: removed function, scripts that are one giant function annoy me, that's what a script is!

    Okay so now how about let's do it with popups!

    I dropped in
    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
    $userName = [Microsoft.VisualBasic.Interaction]::InputBox("Enter a user name", "User Name", "$env:username")
    

    To get a popup that prompts for a username with the current user filled in, but I can't find something appropriate to produce a popup for the output.

    I don't do anything really with powershell, but if that last line is letting you invoke VB, you can't just [Microsoft.VisualBasic.Interaction]::MsgBox($outputStr) ?

  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    visualbasic???

    HISSSSSS


    (but yeah msg box)

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • CogCog What'd you expect? Registered User regular
    I have no idea, I don't actually write powershell, I google for things similar to what I need and then tinker with it until it works.

  • XaviarXaviar Registered User regular
    Cog wrote: »
    I have no idea, I don't actually write powershell, I google for things similar to what I need and then tinker with it until it works.

    By this logic, I'm going to suggest that:
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc")
    

    will solve your problem.

  • CogCog What'd you expect? Registered User regular
    edited June 2018
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc") worked fine, though it does title the popup as "Anonymously Hosted DynamicMethods Assembly". Can't get it re-titled to something less dumb. I'll muck with it later.

    EDIT: Thanks Xaviar, I actually got there myself before I checked back and made this post, but yes that's what I ended up with. :+1:

    Cog on
  • XaviarXaviar Registered User regular
    edited June 2018
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"This is the title of your messagebox")
    

    The middle argument is the buttons the msgbox should have. 0 is just OK.

    [edit]
    I don't know, I think 0 is pretty good, actually.

    Xaviar on
  • SeidkonaSeidkona Had an upgrade Registered User regular
    This is worse than fixating on ass for a whole page.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • XaviarXaviar Registered User regular
    Entaru wrote: »
    This is worse than fixating on ass for a whole page.

    I mean we haven't even started talking about using SendKeys to fill out forms with all of this user data yet.

  • CogCog What'd you expect? Registered User regular
    Xaviar wrote: »
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"This is the title of your messagebox")
    

    The middle argument is the buttons the msgbox should have. 0 is just OK.

    [edit]
    I don't know, I think 0 is pretty good, actually.

    Ah, that's what I was missing. I was messing around with the "stuff", something, "title", format but I couldn't figure out what went in the middle that would satisfy it. I found a few different sites showing examples including ones that showed you could leave it empty or that there were some other syntax that would do different things, but it kept getting mad and kicking back at me.

  • CogCog What'd you expect? Registered User regular
    edited June 2018
    Entaru wrote: »
    This is worse than fixating on ass for a whole page.

    It's fun when it's your ass script that we're all fucking with. When it's someone else's, it's not very interesting.

    EDIT: I have this happen to me all the time at work where I find myself wishing I could just double click a thing and get - for example - the last time someone logged in. Then I start googling to see if there's a simple way to get it out of powershell. The answer is, invariably, "simple is a relative term, there is a way to get it out of powershell".

    Then I start cobbling bits and pieces of different examples I find together to see if I can make it work. I find handy little snippets of code and save them in an Evernote notebook so that one day they'll be precisely the thing I need to save the day and I'll be a hero and shut up it's my fantasy.

    Cog on
  • SeidkonaSeidkona Had an upgrade Registered User regular
    edited June 2018
    Cog wrote: »
    Entaru wrote: »
    This is worse than fixating on ass for a whole page.

    It's fun when it's your ass script that we're all fucking with. When it's someone else's, it's not very interesting.

    I knew I felt a tickle.

    I was more making a powershell sucks joke and not a helping you joke.

    Seidkona on
    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • XaviarXaviar Registered User regular
    Cog wrote: »
    Xaviar wrote: »
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"This is the title of your messagebox")
    

    The middle argument is the buttons the msgbox should have. 0 is just OK.

    [edit]
    I don't know, I think 0 is pretty good, actually.

    Ah, that's what I was missing. I was messing around with the "stuff", something, "title", format but I couldn't figure out what went in the middle that would satisfy it. I found a few different sites showing examples including ones that showed you could leave it empty or that there were some other syntax that would do different things, but it kept getting mad and kicking back at me.

    http://w3schools.sinsixx.com/vbscript/func_msgbox.asp.htm
    Reference wrote:
    • 0 = vbOKOnly - OK button only
    • 1 = vbOKCancel - OK and Cancel buttons
    • 2 = vbAbortRetryIgnore - Abort, Retry, and Ignore buttons
    • 3 = vbYesNoCancel - Yes, No, and Cancel buttons
    • 4 = vbYesNo - Yes and No buttons
    • 5 = vbRetryCancel - Retry and Cancel buttons
    • 16 = vbCritical - Critical Message icon
    • 32 = vbQuestion - Warning Query icon
    • 48 = vbExclamation - Warning Message icon
    • 64 = vbInformation - Information Message icon
    • 0 = vbDefaultButton1 - First button is default
    • 256 = vbDefaultButton2 - Second button is default
    • 512 = vbDefaultButton3 - Third button is default
    • 768 = vbDefaultButton4 - Fourth button is default
    • 0 = vbApplicationModal - Application modal (the current application will not work until the user responds to the message box)
    • 4096 = vbSystemModal - System modal (all applications won't work until the user responds to the message box)

    We can divide the buttons values into four groups: The first group (0–5) describes the buttons to be displayed in the message box, the second group (16, 32, 48, 64) describes the icon style, the third group (0, 256, 512, 768) indicates which button is the default; and the fourth group (0, 4096) determines the modality of the message box. When adding numbers to create a final value for the buttons parameter, use only one number from each group

  • CogCog What'd you expect? Registered User regular
    Xaviar wrote: »
    Cog wrote: »
    Xaviar wrote: »
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"This is the title of your messagebox")
    

    The middle argument is the buttons the msgbox should have. 0 is just OK.

    [edit]
    I don't know, I think 0 is pretty good, actually.

    Ah, that's what I was missing. I was messing around with the "stuff", something, "title", format but I couldn't figure out what went in the middle that would satisfy it. I found a few different sites showing examples including ones that showed you could leave it empty or that there were some other syntax that would do different things, but it kept getting mad and kicking back at me.

    http://w3schools.sinsixx.com/vbscript/func_msgbox.asp.htm

    *snip*

    We can divide the buttons values into four groups: The first group (0–5) describes the buttons to be displayed in the message box, the second group (16, 32, 48, 64) describes the icon style, the third group (0, 256, 512, 768) indicates which button is the default; and the fourth group (0, 4096) determines the modality of the message box. When adding numbers to create a final value for the buttons parameter, use only one number from each group

    Yeah those are the bits I found, but the place that I found them didn't provide the numerical values, just the text, making it seem like you just crammed something like vbOKOnly in there, which naturally blew up the whole script.

    I do realize I'm turning this into the coding thread and becoming that which I hate.

  • CogCog What'd you expect? Registered User regular
    Entaru wrote: »
    Cog wrote: »
    Entaru wrote: »
    This is worse than fixating on ass for a whole page.

    It's fun when it's your ass script that we're all fucking with. When it's someone else's, it's not very interesting.

    I knew I felt a tickle.

    I was more making a powershell sucks joke and not a helping you joke.

    My latest fetish is actually wmic calls. It's wild what they can accomplish.

  • XaviarXaviar Registered User regular
    One last thing and I'll leave you be, but I might throw something like this at the bottom, instead of just the success response, to catch obvious errors like typos and whatnot.
    if ($mostRecentLogon -eq 0)
    {
         [Microsoft.VisualBasic.Interaction]::MsgBox("Didn't find $userName",0,"Last Log On")
         exit
    }
    [Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"Last Log On")
    

  • CogCog What'd you expect? Registered User regular
    Heh, yeah, I did find out that if it can't validate the logon, it returns a last logon date of December 31st, in the Year of our Lord 1600.

  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    Cog wrote: »
    Heh, yeah, I did find out that if it can't validate the logon, it returns a last logon date of December 31st, in the Year of our Lord 1600.

    *NIX systems are the Young Earth Creationists compared to Windows NT systems.

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • CogCog What'd you expect? Registered User regular
    It'd be just like my users to have left a disconnected session hanging since the 15th century.

  • wunderbarwunderbar What Have I Done? Registered User regular
    I am so ready for this week to be done. I wanted to power cycle my tape drive, which involves turning it off completely. It takes it 6-8 minutes to turn off.

    Then shit happened yesterday. and this morning I look at the backup... which didn't run. after about 10 minutes of investigation.... I had forgotten to go turn the drive back on.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • LD50LD50 Registered User regular
    wunderbar wrote: »
    I am so ready for this week to be done. I wanted to power cycle my tape drive, which involves turning it off completely. It takes it 6-8 minutes to turn off.

    Then shit happened yesterday. and this morning I look at the backup... which didn't run. after about 10 minutes of investigation.... I had forgotten to go turn the drive back on.

    Hey, it's friday.

    Also: You have an automated tape drive backup. You're living a blessed life.

  • wunderbarwunderbar What Have I Done? Registered User regular
    LD50 wrote: »
    wunderbar wrote: »
    I am so ready for this week to be done. I wanted to power cycle my tape drive, which involves turning it off completely. It takes it 6-8 minutes to turn off.

    Then shit happened yesterday. and this morning I look at the backup... which didn't run. after about 10 minutes of investigation.... I had forgotten to go turn the drive back on.

    Hey, it's friday.

    Also: You have an automated tape drive backup. You're living a blessed life.

    I don't often associate the term blessed with an autoloader tape drive.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • LD50LD50 Registered User regular
    wunderbar wrote: »
    LD50 wrote: »
    wunderbar wrote: »
    I am so ready for this week to be done. I wanted to power cycle my tape drive, which involves turning it off completely. It takes it 6-8 minutes to turn off.

    Then shit happened yesterday. and this morning I look at the backup... which didn't run. after about 10 minutes of investigation.... I had forgotten to go turn the drive back on.

    Hey, it's friday.

    Also: You have an automated tape drive backup. You're living a blessed life.

    I don't often associate the term blessed with an autoloader tape drive.

    At least your backup isn't a raid 5 array with one too many failed disks!

  • SeidkonaSeidkona Had an upgrade Registered User regular
    Our backup is commvault that is over capacity so they keep round robining servers.

    Shoot me.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • wunderbarwunderbar What Have I Done? Registered User regular
    Entaru wrote: »
    Our backup is commvault that is over capacity so they keep round robining servers.

    Shoot me.

    Commvault. I shudder at the thought of that.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • AiouaAioua Ora Occidens Ora OptimaRegistered User regular
    oh hmm

    I should... probably double check and make sure the databases I've been devops-ing are actually running backups
    most of these got set up by devs they tend to forget unimportant details like that

    life's a game that you're bound to lose / like using a hammer to pound in screws
    fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
    that's right we're on a fucked up cruise / God is dead but at least we have booze
    bad things happen, no one knows why / the sun burns out and everyone dies
  • CogCog What'd you expect? Registered User regular
    Received software update instructions from vendor.

    Step 1) Share the D drive of the server...



    .... uhh.... hold on... I have some concerns.

  • CogCog What'd you expect? Registered User regular
    I logged in to this client's management portal and all their servers are named after Star Wars characters and planets.

    I find it hard to articulate why, but it really fucking irritates me. I would almost say I find it offensive on some level, but that doesn't feel quite right?

  • bowenbowen How you doin'? Registered User regular
    Eh. Everyone has naming conventions.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • XaviarXaviar Registered User regular
    Cog wrote: »
    I logged in to this client's management portal and all their servers are named after Star Wars characters and planets.

    I find it hard to articulate why, but it really fucking irritates me. I would almost say I find it offensive on some level, but that doesn't feel quite right?

    We had a server structure named after fruit.

    Most of my time was spent with Strawberry. I did some work with Banana as well. Didn't touch Raspberry or Blueberry.

  • CogCog What'd you expect? Registered User regular
    I don't usually mind odd naming conventions but somehow the ones that reinforce IT-nerd stereotypes bug me.

    Also as an MSP I fucking hate when I can't look at a list of servers and have some idea which one is the domain controller, file server, sql server, etc.

    Fucking what does BOBA do, and what does FETT do, and what does JANGO do and what kind of sociopath even builds a BINKS server?

  • XaviarXaviar Registered User regular
    Cog wrote: »
    I don't usually mind odd naming conventions but somehow the ones that reinforce IT-nerd stereotypes bug me.

    Also as an MSP I fucking hate when I can't look at a list of servers and have some idea which one is the domain controller, file server, sql server, etc.

    Fucking what does BOBA do, and what does FETT do, and what does JANGO do and what kind of sociopath even builds a BINKS server?

    If those are the real names, I can almost appreciate it. Esp if Boba is dependent on Jango in some way. But then there should in no way be a separate Fett server.

    I could see naming a test server that I regularly threw garbage at Binks, but by this convention there should apparently be one named JarJar as well?

    I mean you're just doing it bad at that point.

  • That_GuyThat_Guy I don't wanna be that guy Registered User regular
    I wanted to use clever names for the servers for some of my clients but decided against it when I realized no one else in the office did it. In retrospect, it's a good idea. It would drive me nuts to pull up Kaseya and see pop culture references instead of something like COS-DC, COS-SQL. COS-Mail and so-on.

  • ThawmusThawmus +Jackface Registered User regular
    I had a network admin once tell me that the reason they name servers so oddly was for security.

    I smiled and nodded and plodded out of the room.

    Twitch: Thawmus83
  • XaviarXaviar Registered User regular
    Nah. It's the same reason they name library book carts over in the Job thread.

    You work with it every day, it helps to give it a little bit of personality.

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Aioua wrote: »
    Well, that wouldn't tell you if they're currently logged in, just which DC was the one recording the most recent login. (I'm... pretty sure lastlogon only gets overwritten when you log onto that specific DC, the synced value is lastlogontimestamp)
    I'm not sure how to tell if a user is currently logged in actually... is that something AD even tracks? I have this feeling it's stateless?

    No, there isn't a simple and easy way to query an AD server for all logged in users. But there are a few techniques:

    1) Comb the security event log for logon and logoff events. This is how a lot of SIEM and SIEM-adjacent tools do it.

    2) Target all workstations and Remote Desktop hosts with something like query user or a WMI query for Win32_LogonSession. This is how a lot of web filters and next-gen firewalls do it.

    My favorite:

    3) Use New-PSSession to open a remote Powershell session to all file servers, then do Get-SMBSession.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
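
    The first technique in the post above (combing the security log for logon and logoff events), worked through as an added example that is not code from anyone in this thread. The event records, account names, host names and the Get-OpenSession function name are constructed for illustration; the event IDs and field names are the standard Windows Security log ones.

```powershell
# Added example: pair logon and logoff events to list sessions that are still open.
# Security log event IDs: 4624 = successful logon, 4634 = logoff,
# 4647 = user-initiated logoff. A logoff carries the same logon ID as its logon.
#
# With live data the same fields come from
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634, 4647 }
# reading TargetUserName, TargetLogonId and LogonType from each event's XML.
# The records below are constructed sample data so the script runs offline.
$sampleEvents = @(
    [pscustomobject]@{ Time = [datetime]'2018-06-01T08:01:12'; Id = 4624; User = 'EXAMPLE\alice'; LogonId = '0x3e7a1'; LogonType = 2;  Computer = 'WS-014' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T08:05:40'; Id = 4624; User = 'EXAMPLE\svc-backup'; LogonId = '0x41b02'; LogonType = 3; Computer = 'FS-01' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T09:15:03'; Id = 4624; User = 'EXAMPLE\bob'; LogonId = '0x52c9f'; LogonType = 10; Computer = 'RDS-02' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T09:40:27'; Id = 4624; User = 'EXAMPLE\carol'; LogonId = '0x5a110'; LogonType = 2;  Computer = 'WS-031' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T12:30:55'; Id = 4634; User = 'EXAMPLE\alice'; LogonId = '0x3e7a1'; LogonType = 2;  Computer = 'WS-014' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T13:05:18'; Id = 4624; User = 'EXAMPLE\alice'; LogonId = '0x7c4d2'; LogonType = 2;  Computer = 'WS-014' }
    [pscustomobject]@{ Time = [datetime]'2018-06-01T17:02:44'; Id = 4647; User = 'EXAMPLE\carol'; LogonId = '0x5a110'; LogonType = 2;  Computer = 'WS-031' }
)

function Get-OpenSession {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        # 2 = interactive, 10 = remote interactive (RDP), 11 = cached interactive.
        # Type 3 (network) logons are file-share and service noise, not a person at a desktop.
        [int[]] $LogonTypes = @(2, 10, 11)
    )

    $open = @{}
    foreach ($e in ($Events | Sort-Object Time)) {
        # Logon IDs are only unique per machine, so the key includes the computer
        $key = '{0}|{1}' -f $e.Computer, $e.LogonId
        switch ($e.Id) {
            4624 { if ($e.LogonType -in $LogonTypes) { $open[$key] = $e } }
            4634 { $open.Remove($key) }
            4647 { $open.Remove($key) }
        }
    }

    # Whatever is left never saw a matching logoff in the window examined
    $open.Values | Sort-Object Time | Select-Object User, Computer, LogonType, Time
}

Get-OpenSession -Events $sampleEvents | Format-Table -AutoSize
```

    A machine that loses power or crashes never writes the logoff event, so sessions reported as open by this pairing can be stale; bounding the search window to the host's last boot time is the usual correction.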
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Cog wrote: »
    I don't usually mind odd naming conventions but somehow the ones that reinforce IT-nerd stereotypes bug me.

    Also as an MSP I fucking hate when I can't look at a list of servers and have some idea which one is the domain controller, file server, sql server, etc.

    Fucking what does BOBA do, and what does FETT do, and what does JANGO do and what kind of sociopath even builds a BINKS server?

    When I started at my current job, all the domain controllers and most of the other critical servers had scifi names just like that.

    Most of them were Star Trek. KIRK, SPOCK, PICARD, etc. There were a handful from other properties: GANDALF, FIREFLY, etc.

    Many of them were physical servers, too. (All of the domain controllers were physical.)

    One of the first things I did was start tearing those down and replacing them with appropriately named VMs.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • LD50LD50 Registered User regular
    One downside I have run into with naming your servers reasonable things like COS-DC and COS-Mail:

    It can potentially become deceptive when, say, your domain controller shits the bed and someone starts using the mail server as a domain controller on an 'emergency basis' which really means 'forever-ever', and it can be hard to explain to people that your domain controller is named as such.

    I mean, you really shouldn't be doing that, but shit like that can and does happen and it's a little less bad when it's named "Dagobah".

  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    LD50 wrote: »
    One downside I have run into with naming your servers reasonable things like COS-DC and COS-Mail:

    It can potentially become deceptive when, say, your domain controller shits the bed and someone starts using the mail server as a domain controller on an 'emergency basis' which really means 'forever-ever', and it can be hard to explain to people that your domain controller is named as such.

    I mean, you really shouldn't be doing that, but shit like that can and does happen and it's a little less bad when it's named "Dagobah".

    The other problem I have is when servers are named after obscure industry-specific acronyms or vendors.

    Like, instead of giving HR a server and calling it HR01 or BENEFITS01, they call it BRM (for benefits rights management) or FMBC (the name of the benefits management subcontractor).

    That's still better than ANAKIN though.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • XaviarXaviar Registered User regular
    I currently am in love with naming servers by days of the week.
    LD50 wrote: »
    It can potentially become deceptive when, say, Thursday shits the bed and someone starts using Monday as a domain controller on an 'emergency basis' which really means 'forever-ever', and it can be hard to explain to people that Monday is named as such.

    I mean, you really shouldn't be doing that, but shit like that can and does happen and it's a little less bad when it's named "Dagobah".

  • wunderbarwunderbar What Have I Done? Registered User regular
    Thawmus wrote: »
    I had a network admin once tell me that the reason they name servers so oddly was for security.

    I smiled and nodded and plodded out of the room.

    This is literally the situation at my current employer when I started there. Servers were/are named after Greek gods. I was told it was to make it harder for attackers to figure out what server did what.

    He didn't seem to understand what I meant when I told him that if an attacker was into a network deep enough that they can read hostnames, you're well past screwed already. Also port scans are a thing.

    It took me 6 months but I finally got approval to start naming servers sensible things. But we're stuck having stupidly named servers for 3-4 years as we cycle things out.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
This discussion has been closed.