Is your DFS structure up to date?


Distributed File System is a technology that has been around since the days of NT 4.0, so as you can imagine, entropy can run wild in a DFS structure. It is paramount to remove old targets pointing to servers that have gone the way of the Zune player. We have all heard the phrase “My computer is slow”, and depending on the end user’s clout in the company and your position in the company, the ticket for the slow computer may end up on your desk.

Securing the Guest account

Thanks to WMI and well-known SIDs, we can query a computer for the status of user accounts. Let’s start with the simple query seen here:

From the results of the query we can see that the SID of the built-in Guest account ends in ‘-501’, so if we run the query

Get-WmiObject -Class Win32_UserAccount|where {$_.sid -like "*-501"}

or better yet (accounting for domain accounts)

Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'" |where {$_.sid -like "*-501"}

which shows us some simple info about the user

Having ensured that we have the correct user, we can use the command ‘Net User’ to set the password. Below is what I use to set a complex 20-character random password for the Guest account:

Net User ((Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'" |where {$_.sid -like "*-501"}).name) (('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+='.ToCharArray()|Get-Random -Count 20) -join "")
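
A variation on the one-liner above, added here as an example and not part of the original post: it draws each character with replacement from the system cryptographic RNG (Get-Random -Count picks from the array without repeats) and hands the password to Set-LocalUser as a SecureString, so it never appears on a net.exe command line. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module and an elevated session; the function name New-RandomSecureString is made up for this example.

```powershell
# Added example, not from the original post. Assumes the LocalAccounts module
# (Windows PowerShell 5.1+) and an elevated session.
function New-RandomSecureString {
    param(
        [int]$Length = 20,
        # Same alphabet as the one-liner above
        [string]$Alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+='
    )
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $secure = New-Object System.Security.SecureString
    $buffer = New-Object byte[] 1
    # Largest multiple of the alphabet size that fits in a byte. Values at or
    # above it are discarded so every character is equally likely (no modulo bias).
    $limit  = 256 - (256 % $Alphabet.Length)
    try {
        while ($secure.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                $secure.AppendChar($Alphabet[$buffer[0] % $Alphabet.Length])
            }
        }
    }
    finally { $rng.Dispose() }
    $secure.MakeReadOnly()
    return $secure
}

# Locate the built-in Guest account by its well-known RID (-501), not by name,
# so a renamed account is still found.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if (-not $guest) { throw 'No local account with a SID ending in -501 was found.' }

Set-LocalUser -SID $guest.SID -Password (New-RandomSecureString -Length 20)

# Confirm the change and check whether the account is enabled.
Get-LocalUser -SID $guest.SID | Select-Object Name, Enabled, SID, PasswordLastSet
```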

Are those files being accessed?

While building a new file server, I wanted to check whether a particular drive was being used during the day. Luckily, since the days of Server 2003, Windows Server has shipped with an executable, openfiles.exe, that we can leverage. The bad news is that the executable was written to print its data to the command console, where it is discarded. Fortunately, we can use the PowerShell pipeline to interpret the output of openfiles.exe and format it. I have made a PowerShell “one-liner” to quickly retrieve the open files on a server:

$OpenFiles = openfiles /query /fo CSV | Select-Object -Skip 9 | ConvertFrom-Csv -Header "ID","AccessedBy","Type","OpenFile"

The script saves the output of openfiles.exe to the variable $OpenFiles.
Let’s dive into the rest of it…
openfiles /query /fo CSV is the command that can be used with PowerShell or in a command console to output the results in CSV format, which could be redirected to a .csv file (but we don’t really want to save a file).
Select-Object -Skip 9 states that we want to ignore the first 9 lines of the input (like I said, the openfiles.exe command was meant to display on the screen, so there’s a bunch of junk in there).
ConvertFrom-Csv -Header "ID","AccessedBy","Type","OpenFile" takes the CSV-formatted data and converts it to PowerShell objects so we can manage the data.
So let’s run the command on FileServer1 and see if there are any open files on the X:\ drive…

$OpenFiles = openfiles /query /fo CSV | Select-Object -Skip 9 | ConvertFrom-Csv -Header "ID","AccessedBy","Type","OpenFile"            
$OpenFiles | where {$_.OpenFile -like "X:\*"}


Or we could see what a particular user is viewing:

$OpenFiles | where {$_.AccessedBy -like "McCann*"}

Yes, you could use the MMC, add the Computer Management snap-in, navigate through, sort, and so on, but the great thing about PowerShell is its remote capabilities. Let’s see what we get when we format the script to run remotely on FileServer1…

Invoke-Command -ComputerName FileServer1 -ScriptBlock {            
    $OpenFiles = openfiles /query /fo CSV | Select-Object -Skip 9 | ConvertFrom-Csv -Header "ID","AccessedBy","Type","OpenFile"            
    $OpenFiles | where {$_.OpenFile -like "X:\*"} | Format-Table            
    }


Aren’t computers neat?
-Joshua