Aioua lighting the batsignal for vowels, help me figure out how to put function get-logonserver{ into that script so I can return both last logon time and, if they're currently logged in, which DC authenticated them.
@Cog
heh, that script already finds it for you it just doesn't do anything with it. Needs better variable names!
Here:
e: removed function, scripts that are one giant function annoy me, that's what a script is!
Okay so now how about let's do it with popups!
I dropped in
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
$userName = [Microsoft.VisualBasic.Interaction]::InputBox("Enter a user name", "User Name", "$env:username")
To get a popup that prompts for a username with the current user filled in, but I can't find something appropriate to produce a popup for the output.
I don't do anything really with powershell, but if that last line is letting you invoke VB, you can't just [Microsoft.VisualBasic.Interaction]::MsgBox($outputStr) ?
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
[Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc") worked fine, though it does title the popup as "Anonymously Hosted DynamicMethods Assembly". Can't get it re-titled to something less dumb. I'll muck with it later.
EDIT: Thanks Xaviar, I actually got there myself before I checked back and made this post, but yes that's what I ended up with.
Ah, that's what I was missing. I was messing around with the "stuff", something, "title", format but I couldn't figure out what went in the middle that would satisfy it. I found a few different sites showing examples including ones that showed you could leave it empty or that there were some other syntax that would do different things, but it kept getting mad and kicking back at me.
This is worse than fixating on ass for a whole page.
It's fun when it's your ass script that we're all fucking with. When it's someone else's, it's not very interesting.
EDIT: I have this happen to me all the time at work where I find myself wishing I could just double click a thing and get - for example - the last time someone logged in. Then I start googling to see if there's a simple way to get it out of powershell. The answer is, invariably, "simple is a relative term, there is a way to get it out of powershell".
Then I start cobbling bits and pieces of different examples I find together to see if I can make it work. I find handy little snippets of code and save them in an Evernote notebook so that one day they'll be precisely the thing I need to save the day and I'll be a hero and shut up it's my fantasy.
2 = vbAbortRetryIgnore - Abort, Retry, and Ignore buttons
3 = vbYesNoCancel - Yes, No, and Cancel buttons
4 = vbYesNo - Yes and No buttons
5 = vbRetryCancel - Retry and Cancel buttons
16 = vbCritical - Critical Message icon
32 = vbQuestion - Warning Query icon
48 = vbExclamation - Warning Message icon
64 = vbInformation - Information Message icon
0 = vbDefaultButton1 - First button is default
256 = vbDefaultButton2 - Second button is default
512 = vbDefaultButton3 - Third button is default
768 = vbDefaultButton4 - Fourth button is default
0 = vbApplicationModal - Application modal (the current application will not work until the user responds to the message box)
4096 = vbSystemModal - System modal (all applications won't work until the user responds to the message box)
We can divide the buttons values into four groups: The first group (0–5) describes the buttons to be displayed in the message box, the second group (16, 32, 48, 64) describes the icon style, the third group (0, 256, 512, 768) indicates which button is the default; and the fourth group (0, 4096) determines the modality of the message box. When adding numbers to create a final value for the buttons parameter, use only one number from each group.
Yeah those are the bits I found, but the place that I found them didn't provide the numerical values, just the text, making it seem like you just crammed something like vbOKOnly in there, which naturally blew up the whole script.
I do realize I'm turning this into the coding thread and becoming that which I hate.
One last thing and I'll leave you be, but I might throw something like this at the bottom, instead of just the success response, to catch obvious errors like typos and whatnot.
if ($mostRecentLogon -eq 0)
{
    [Microsoft.VisualBasic.Interaction]::MsgBox("Didn't find $userName",0,"Last Log On")
    exit
}
[Microsoft.VisualBasic.Interaction]::MsgBox("$userName last logged on at: $dt from DC: $mostRecentDc",0,"Last Log On")
Heh, yeah, I did find out that if it can't validate the logon, it returns a last logon date of December 31st, in the Year of our Lord 1600.
*NIX systems are the Young Earth Creationists compared to Windows NT systems.
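The 1600 date mentioned above is what a raw lastLogon of 0 becomes when it is converted as a timestamp, and because lastLogon is kept per DC the values have to be compared across all of them. The following is an added example, not the script from this thread; the function names are hypothetical and the DC names and values are constructed.

```powershell
# Added example: not the script from this thread. DC names and values are constructed.

function Get-LastLogonByDc {
    # Live collection (requires the ActiveDirectory module). lastLogon is not
    # replicated, so every DC has to be asked for its own copy.
    param([Parameter(Mandatory)][string]$UserName)
    $result = @{}
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        $user = Get-ADUser -Identity $UserName -Server $dc.HostName -Properties lastLogon
        $result[$dc.HostName] = $user.lastLogon
    }
    return $result
}

function Resolve-LastLogon {
    # Input: hashtable of DC name -> raw lastLogon
    # (FILETIME: 100 ns ticks since 1601-01-01 UTC).
    param([Parameter(Mandatory)][hashtable]$LastLogonByDc)
    $best = $null
    foreach ($dc in $LastLogonByDc.Keys) {
        $raw = [int64]$LastLogonByDc[$dc]      # $null casts to 0
        if ($raw -le 0) { continue }           # 0 = this DC never authenticated the account
        if ($null -eq $best -or $raw -gt $best.Raw) {
            $best = [pscustomobject]@{ Dc = $dc; Raw = $raw }
        }
    }
    if ($null -eq $best) { return $null }      # no DC has a logon on record
    [pscustomobject]@{
        DomainController = $best.Dc
        LastLogonUtc     = [DateTime]::FromFileTimeUtc($best.Raw)
    }
}

# Constructed sample: three DCs, one of which has never seen the account.
$sample = @{
    'DC01.example.test' = 132223104000000000
    'DC02.example.test' = 132223968000000000
    'DC03.example.test' = 0
}
Resolve-LastLogon -LastLogonByDc $sample | Format-List

# Converting the raw 0 instead of testing for it yields the FILETIME epoch;
# formatted as local time in a zone behind UTC it reads as 31 December 1600.
[DateTime]::FromFileTimeUtc(0)

# With the check in place, an account no DC has seen produces no result at all.
Resolve-LastLogon -LastLogonByDc @{ 'DC01.example.test' = 0 }
```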
I am so ready for this week to be done. I wanted to power cycle my tape drive, which involves turning it off completely. It takes it 6-8 minutes to turn off.
Then shit happened yesterday. and this morning I look at the backup... which didn't run. after about 10 minutes of investigation.... I had forgotten to go turn the drive back on.
Hey, it's friday.
Also: You have an automated tape drive backup. You're living a blessed life.
I don't often associate the term blessed with an autoloader tape drive.
At least your backup isn't a raid 5 array with one too many failed disks!
I should... probably double check and make sure the databases I'm devops-ing are actually running backups
most of these got set up by devs they tend to forget unimportant details like that
I logged in to this client's management portal and all their servers are named after Star Wars characters and planets.
I find it hard to articulate why, but it really fucking irritates me. I would almost say I find it offensive on some level, but that doesn't feel quite right?
We had a server structure named after fruit.
Most of my time was spent with Strawberry. I did some work with Banana as well. Didn't touch Raspberry or Blueberry.
I don't usually mind odd naming conventions but somehow the ones that reinforce IT-nerd stereotypes bug me.
Also as an MSP I fucking hate when I can't look at a list of servers and have some idea which one is the domain controller, file server, sql server, etc.
Fucking what does BOBA do, and what does FETT do, and what does JANGO do and what kind of sociopath even builds a BINKS server?
If those are the real names, I can almost appreciate it. Esp if Boba is dependent on Jango in some way. But then there should in no way be a separate Fett server.
I could see naming a test server that I regularly threw garbage at Binks, but by this convention there should apparently be one named JarJar as well?
I mean you're just doing it bad at that point.
That_Guy - I don't wanna be that guy - Registered User, regular
I wanted to use clever names for the servers for some of my clients but decided against it when I realized no one else in the office did it. In retrospect, it's a good idea. It would drive me nuts to pull up Kaseya and see pop culture references instead of something like COS-DC, COS-SQL. COS-Mail and so-on.
Well, that wouldn't tell you if they're currently logged in, just which DC was the one recording the most recent login. (I'm... pretty sure lastlogon only gets overwritten when you log onto that specific DC, the synced value is lastlogontimestamp)
I'm not sure how to tell if a user is currently logged in actually... is that something AD even tracks? I have this feeling it's stateless?
No, there isn't a simple and easy way to query an AD server for all logged in users. But there are a few techniques:
1) Comb the security event log for logon and logoff events. This is how a lot of SIEM and SIEM-adjacent tools do it.
2) Target all workstations and Remote Desktop hosts with something like query user or a WMI query for Win32_LoginSession. This is how a lot of web filters and next-gen firewalls do it.
My favorite:
3) Use New-PSSession to open a remote Powershell session to all file servers, then do Get-SMBSession.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
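Technique 1 from the post above, as an added example that is not part of the thread: pair logon events with logoff events and report the logons that never closed. Event IDs 4624, 4634 and 4647 are the standard Windows Security log IDs; the function names are hypothetical and the sample events are constructed.

```powershell
# Added example, not from the thread. Sample events below are constructed.

function ConvertFrom-LogonEvent {
    # Flattens a Security-log record (from Get-WinEvent) into the fields used below.
    param([Parameter(Mandatory, ValueFromPipeline)]$Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Id          = $Record.Id
            TimeCreated = $Record.TimeCreated
            Computer    = $Record.MachineName
            User        = $data['TargetUserName']
            LogonId     = $data['TargetLogonId']
            LogonType   = [int]$data['LogonType']   # absent on 4647, casts to 0
        }
    }
}

function Get-OpenLogonSession {
    # 4624 = logon, 4634 = logoff, 4647 = user-initiated logoff.
    # A logon whose (Computer, LogonId) never gets a logoff is treated as still open.
    param([Parameter(Mandatory)][object[]]$Events)
    $interactive = 2, 10, 11     # Interactive, RemoteInteractive, CachedInteractive
    $open = @{}
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        $key = '{0}|{1}' -f $e.Computer, $e.LogonId
        if ($e.Id -eq 4624) {
            if ($interactive -contains $e.LogonType) { $open[$key] = $e }
        }
        elseif ($e.Id -eq 4634 -or $e.Id -eq 4647) {
            $open.Remove($key)
        }
    }
    $open.Values | Sort-Object TimeCreated |
        Select-Object Computer, User, LogonId, TimeCreated
}

# Live input would come from each host's own Security log, for example:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634, 4647 } |
#       ConvertFrom-LogonEvent

# Constructed sample: alice logs on and off, then on again; bob stays on over RDP;
# a type 3 (network) logon is ignored.
$t = [datetime]'2024-01-15T08:00:00'
$sample = @(
    [pscustomobject]@{ Id = 4624; TimeCreated = $t;               Computer = 'WS01';  User = 'alice'; LogonId = '0x3e7a1'; LogonType = 2 }
    [pscustomobject]@{ Id = 4624; TimeCreated = $t.AddHours(1);   Computer = 'RDS01'; User = 'bob';   LogonId = '0x51c02'; LogonType = 10 }
    [pscustomobject]@{ Id = 4624; TimeCreated = $t.AddHours(2);   Computer = 'FS01';  User = 'alice'; LogonId = '0x77d10'; LogonType = 3 }
    [pscustomobject]@{ Id = 4634; TimeCreated = $t.AddHours(4);   Computer = 'WS01';  User = 'alice'; LogonId = '0x3e7a1'; LogonType = 2 }
    [pscustomobject]@{ Id = 4624; TimeCreated = $t.AddHours(5);   Computer = 'WS01';  User = 'alice'; LogonId = '0x9a4f3'; LogonType = 2 }
)
Get-OpenLogonSession -Events $sample | Format-Table
```

A machine that crashed or lost power never writes its logoff event, so old entries in the result should be treated as stale rather than as proof of a live session.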
When I started at my current job, all the domain controllers and most of the other critical servers had scifi names just like that.
Most of them were Star Trek. KIRK, SPOCK, PICARD, etc. There were a handful from other properties: GANDALF, FIREFLY, etc.
Many of them were physical servers, too. (All of the domain controllers were physical.)
One of the first things I did was start tearing those down and replacing them with appropriately named VMs.
One downside I have run into with naming your servers reasonable things like COS-DC and COS-Mail:
It can potentially become deceptive when, say, your domain controller shits the bed and someone starts using the mail server as a domain controller on an 'emergency basis' which really means 'forever-ever', and it can be hard to explain to people that your domain controller is named as such.
I mean, you really shouldn't be doing that, but shit like that can and does happen and it's a little less bad when it's named "Dagobah".
The other problem I have is when servers are named after obscure industry-specific acronyms or vendors.
Like, instead of giving HR a server and calling it HR01 or BENEFITS01, they call it BRM (for benefits rights management) or FMBC (the name of the benefits management subcontractor).
That's still better than ANAKIN though.
It can potentially become deceptive when, say, Thursday shits the bed and someone starts using Monday as a domain controller on an 'emergency basis' which really means 'forever-ever', and it can be hard to explain to people that Monday is named as such.
I mean, you really shouldn't be doing that, but shit like that can and does happen and it's a little less bad when it's named "Dagobah".
I had a network admin once tell me that the reason they name servers so oddly was for security.
I smiled and nodded and plodded out of the room.
This is literally the situation at my current employer when I started there. Servers were/are named after Greek gods. I was told it was to make it harder for attackers to figure out what server did what.
He didn't seem to understand what I meant when I told him that if an attacker was into a network deep enough that they can read hostnames, you're well past screwed already. Also port scans are a thing.
It took me 6 months but I finally got approval to start naming servers sensible things. But we're stuck having stupidly named servers for 3-4 years as we cycle things out.
HISSSSSS
(but yeah msg box)
By this logic, I'm going to suggest that:
will solve your problem.
The middle argument is the buttons the msgbox should have. 0 is just OK.
[edit]
XBL:Phenyhelm - 3DS:Phenyhelm
I mean we haven't even started talking about using SendKeys to fill out forms with all of this user data yet.
I knew I felt a tickle.
I was more making a powershell sucks joke and not a helping you joke.
http://w3schools.sinsixx.com/vbscript/func_msgbox.asp.htm
My latest fetish is actually wmic calls. It's wild what they can accomplish.
Shoot me.
Commvault. I shudder at the thought of that.
Step 1) Share the D drive of the server...
.... uhh.... hold on... I have some concerns.
You work with it every day, it helps to give it a little bit of personality.
the "no true scotch man" fallacy.