Syed Jahanzaib Personal Blog to Share Knowledge !

February 27, 2017

Radius Manager Theme/Skin Collection

Filed under: Radius Manager — Tags: , — Syed Jahanzaib / Pinochio~:) @ 3:33 PM

Following are few customized themes for DMASOFTLAB Radius manager , Designed by various web developers.

  1. Digital Theme [Responsive as well, made by KANGNDO]
  2. Green Theme
  3. Blue Theme

 


General Steps to install theme

I assume you have DMASoftlab Radius Manager 4.1.x version installed and must be fully functional.

  • Download the theme file, unrar it in any temporary folder. you can use `tar zxvf filename.tar.gz /destination_folder`
  • Copy (or let’s say Overwrite) all the contents including files/folders from the (unzipped) folder name radiusmanager in /var/www/radiusmanager (or for CENTOS, its /var/www/html/radiusmanager). You can cp -vr syntax /source /target
  • Clear the browser cache, and reload the ACP administration control panel) page.

.


1- Digital Theme

Download Link: Radius Manager KANGNDO Theme Official Link

🙂

Sample Images:

1

2

3

4


2- Green Theme

Green Theme Download Link

green-1

 


Will update more later

 

Regard’s
Syed Jahanzaib

February 21, 2017

PowerShell Reference [Continued Post]

Filed under: Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 8:34 AM

pwoershell-logo

coffe code.PNG

Following is reference post for Powershell command line usage to achieve different tasks. Recently I had to perform various administration tasks on more than 20 windows based servers , and using scripting it made my life a bit easier and I let the scripting  do the task on my behalf on scheduled basis 😉

These are very common tasks, commands but when you combine them with the Linux shell, they become ultra powerful and best thing is that you can create / add  some ‘ Artificial Intelligence ‘ in it. I have posted just basic level to hide the sensitivity of original tasks.

Following is collection of my own R&D, some commands are picked from Stackoverflow/Spicework forums as well.


General PowerShell Related CMD


Check PowerShell Version

$PSVersionTable.PSVersion
Upgrade PowerShell to Version 4 in Windows 7/2008 - 64bit
https://blogs.technet.microsoft.com/heyscriptingguy/2014/11/09/weekend-scripter-install-powershell-4-0-in-windows-7/

Execute Powershell script from Linux Shell using winexe

winexe -U DOMAIN/ID%’PASSWORD’ //IP_OR_NAME //101.11.12.38 ‘powershell.exe -inputformat none -command “dir”‘

winexe -U DOMAIN/ID%’PASSWORD’ //IP_OR_NAME ‘powershell.exe -inputformat none -command “c:\scripts\script_name.ps1″‘

 


Check Powershell Version & Process Architecture

#Check PowerShell Version
$PSVersionTable
# Check Processor Architecture
$env:PROCESSOR_ARCHITECTURE
# Get list of installed HOTFIX with details
Get-HotFix | Format-Table

 # Import Active Directory module

import-module activedirectory

Show Folder Size (in GB) | Sort by Size | Select top 10

This was intense task for me, and I was not able to sort it on my own. so I have to take help from stackoverflow and spicework forums.

Scenario:

We have a Windows 2008 R2  base file server where users have there shared folders.
Example:

  • D:\USERS
  • D:\USERS\USER1
  • D:\USERS\USER2
  • D:\USERS\USER3
  • D:\USERS\USER4
  • D:\USERS\USER5

All users folders have several hundreds sub folders in it.

Task:

Execute functions from Linux base system , which should remote to file server by winexe, execute powershell script, which should perform functions like

  • List all users folder name
  • Last modified time
  • Size conversion auto in kb/mb/gb ( order by size)
  • Email the result [customized] using sendEmail / gmail.

First the powershell script name foldersize.ps1 which will actually perform the functions on file server. we will copy this script in c:\temp on remote file server.

foldersize.ps1


param ($Path = ".")
$disk = ([wmi]"\\FILESERVER\root\cimv2:Win32_logicalDisk.DeviceID='D:'")
"D: GB Total = {0:#.0}
D: GB Used {2:#.0}
D: GB Free {1:#.0} " -f ($disk.Size/1GB),($disk.FreeSpace/1GB),($disk.Size/1GB-$disk.FreeSpace/1GB) | write-output

Get-WmiObject Win32_LogicalDisk -Filter "DriveType='3'" `
-ComputerName FILESERVER | `
Format-Table `
@{l="Server";e={$_.SystemName}}, `
@{l="Drive Letter";e={$_.DeviceID}}, `
@{l="Free Space on Disk (GB)";e={"{0:n2}" -f ($_.freespace/1gb)}}, `
@{l="Total Disk Space (GB)";e={"{0:n2}" -f ($_.size/1gb)}}, `
@{l="Percentage Used";e={ "{0:P2}" -f (1 - ([Int64]$_.FreeSpace / [Int64]$_.Size)) }}

$PrettySizeColumn = @{name="Size";expression={
$size = $_.Size
if ( $size -lt 1KB ) { $sizeOutput = "$("{0:N2}" -f $size) B" }
ElseIf ( $size -lt 1MB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1KB)) KB" }
ElseIf ( $size -lt 1GB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1MB)) MB" }
ElseIf ( $size -lt 1TB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1GB)) GB" }
ElseIf ( $size -lt 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1TB)) TB" }
ElseIf ( $size -ge 1PB ) { $sizeOutput = "$("{0:N2}" -f ($size / 1PB)) PB" }
$sizeOutput
}}

Get-ChildItem -Path $Path | Where-Object {$_.PSIsContainer} | ForEach-Object {
$size = ( Get-ChildItem -Path $_.FullName -Recurse -Force | where {!$_.PSIsContainer} | Measure-Object -Sum Length).Sum
$obj = new-object -TypeName psobject -Property @{
Path = $_.Name
Time = $_.LastWriteTime
Size = $size
}
$obj
} | Sort-Object -Property Size -Descending | Select-Object Path, Time, $PrettySizeColumn

try to execute this file on the file server from powershell terminal. It should give you proper results. JUST BE VERY SURE TO READ THE SCRIPT VERY WELL, AS IT SHOULD BE MODIFIED AS PER YOUR REQUIREMENTS, PLUS I USED DOMAIN ADMIN ID, SO I HAD ALL THE ACCESS ON ALL THE COMPUTERS FROM MY PC /REMOTELY AS WELL.

.\foldersize.ps1 -Path  \\FILESERVER\C$\Softwares\IMAGES_ISO

Once done,  make a bash script in your linux (ubuntu) system  which will execute the above script remotely and will customized the result and email to the admin.

BASH FILE / folder_iquiry.sh which will run the ps file from linux terminal


#!/bin/bash
#set -x
# This bash script will query remote file server storage using Powershell Commands.
# It will send report via email with relevant details like top used folders , Very useful some times.
# Syed Jahanzaib / aacableAThotmailDOTcom
# http://aacableDOTwordpressDOTcom
# 20-feb-2017
start=`date +%s`
COMPANY="ZAIB"
SRVNAME="SRV01"
SRV_FRIENDLY_NAME="File Server D:Drive"
IP="10.0.0.1"
DOMAIN="DC.LOCAL"
PASS="PASSWORD"
ID="ADMIN"
#TARGET DIRECTORY
TDIR="d:\users"
TEMP_HOLDER="/tmp/xdrive_temp_raw_report.txt"
TEMP_HOLDER_FINAL="/tmp/xdrive_final_mail_report.txt"
> $TEMP_HOLDER
> $TEMP_HOLDER_FINAL
DATE=`date`

# GMAIL DETAILS to send EMAIL alert
SENDMAILAPP="/temp/sendEmail-v1.56/sendEmail"
GMAILID="ADMIN_GMAIL_ID@gmail.com"
GMAILPASS="GMAIL_PASS"
# Add recipient email address below
ADMINMAIL1="aacableAThotmailDOTcom"

MSG_SUB="$COMPANY $SRV_FRIENDLY_NAME - $SRVNAME - / Weekly Report @ $DATE"
MSG_BODY="$COMPANY $SRV_FRIENDLY_NAME - $SRVNAME - Weekly Report for Users D: drive folder's sorted by size
@ $DATE
"

FOOTER="Automated Weekly Report Generated using Linux Powered Powershell !!
Sys. Admin
$COMPANY IS Dept."

echo "
$MSG_BODY
" > $TEMP_HOLDER

#QUERY SERVER X: DRIVE
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "c:\temp\foldersize.ps1 -Path '"$TDIR"' ' >> $TEMP_HOLDER

# Remove Junk Line with unknonw character, which is unique or specific occured in my lab test

end=`date +%s`
echo "It took $(($end - $start)) seconds to complete this task..." >> $TEMP_HOLDER
echo "
$FOOTER" >> $TEMP_HOLDER

#Print result
cat $TEMP_HOLDER
#send email
sendemail -u "$MSG_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$TEMP_HOLDER -o message-content-type=text

# Script ends here

Now execute file from linux terminal like this…

/temp/folder_inquiry.sh

SAMPLE:

userreport.PNG


Show Folder Size (in GB) | Sort by Size | Select top 10

[This method have one BIG disadvantage, dueto 260 characters limit in windows, it may not show files/folders above then this limit. so it may not give your correct result if you have some deep folder structure/long files name in it.]

#Windows PS Version
ls c:\temp | select Name, @{Name="Type";Expression={if($_.psIsContainer){"---Directory---"}else{"---File---"}}}, @{Name="Size(GB)";Expression={[Math]::Round($(ls $_.FullName -recurse| measure Length -sum).Sum/1GB, 2)}}| sort -property "Size(GB)" -desc | Select -First 10

# Linux Winexe format
winexe -U DC/ID%PASS //IP 'powershell.exe -inputformat none -command "ls c:\backup\ | select Name, @{Name='"'"'"Type"'"'"';Expression={if($_.psIsContainer){'"'"'"Directory"'"'"'}else{'"'"'"File"'"'"'}}}, @{Name='"'"'"Size(GB)"'"'"';Expression={[Math]::Round($(ls $_.FullName -recurse| measure Length -sum).Sum/1GB, 3)}}| sort -property '"'"'"Size(GB)"'"'"' -desc | Select -First 10"'

Example of C:\temp contents …

  • C:\TEMP
  • C:\TEMP\FOLDER1
  • C:\TEMP\FOLDER-1\SUB_FOLDER
  • C:\TEMP\FOLDER-1\SUB_FOLDER_MORE
  • C:\TEMP\FOLDER2
  • C:\TEMP\FOLDER3

This will query all folders/sub-folders inside the c:\temp folder, and display only the main folders name including sizes of subfolder as well ..

Name Type Size(GB)
---- ---- --------
Win2008_test Directory 28.9
Ubuntu-PHP-API Directory 2.75
ubuntu-freeradius Directory 2.15
zaib_temp_radius Directory 2.09
MIKROTIK-1 - Copy Directory 0.39


Show files with Name & Size greater than 5 GB

[This was required in a script where I schedule it to email the top users in mail server by querying the folder directly]

Following command is formatted to be executed by WINEXE [Linux]

winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "Get-ChildItem -Path '"$TDIR"' | Where-Object {$_.length -gt 5GB} | Sort-Object -descending -Property Length | Format-Table Name,@{name='"'"'Size GB'"'"';expression={$_.length/1GB};FormatString='"'"'N1'"'"'}"' | sed -e "$DEL_LINE" | sed '/^\s*$/d' |nl >> $TEMP_HOLDER

Script to get specific folder files and specific  folder total size, sort and email to admin on every Monday / Weekly

#!/bin/bash
#set -x
# This bash script will query remote lotus domino mail server storage using Powershell Commands.
# It will send report via email with erelevant details, Very useful some times.
# Syed Jahanzaib / aacableAThotmailDOTcom
# http://aacableDOTwordpressDOTcom
# 20-feb-2017
COMPANY="ZAIB"
SRVNAME="MYSRV"
IP="10.0.0.1"
DOMAIN="DC_NAME"
PASS="PASSWORD"
ID="ADMINISTRATOR"
TDIR="D:\lotus\domino\data\mail"
TDIR_FULL="D:\lotus"
TDIR_MAIL="D:\lotus\domino\data\mail"
TDIR_ARCH="D:\lotus\domino\data\archive"
# How many lines to be dleeted from winexe output for top users section
DEL_LINE="1,3d"
TEMP_HOLDER="/tmp/mail_top_users.txt"
TEMP_HOLDER_FULL="/tmp/mail_lotus_folder_size.txt"
> $TEMP_HOLDER
DATE=`date`

# GMAIL DETAILS to send EMAIL alert
SENDMAILAPP="/temp/sendEmail-v1.56/sendEmail"
GMAILID="ADMIN_GMAIL_ID@gmail.com"
GMAILPASS="GMAIL_PASSWORD"
# Add recipient email address below
ADMINMAIL1="aacableAThotmailDOTcom"

MSG_SUB="$COMPANY Lotus Mail Server / Weekly Report @ $DATE"
MSG_BODY="$COMPANY - $SRVNAME - Lotus Mail Server Weekly Report for Total Usage and TOP users exceeding 5GB mailbox size
@ $DATE
"
FOOTER="Automated Weekly Report Generated using Linux Powered Powershell !!
Sys. Admin
$COMPANY IS Dept."

echo "
$MSG_BODY
" > $TEMP_HOLDER

#Full size of Lotus Folder - Overall
FULL_SIZE=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_FULL"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus Total DATA size in GB = $FULL_SIZE" >> $TEMP_HOLDER

#Full size of Lotus MAIL Folder only
FULL_SIZE_MAIL=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_MAIL"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus Total User Inbox MAIL SIZE in GB = $FULL_SIZE_MAIL" >> $TEMP_HOLDER

#Full size of Lotus ARCHIVE Folder only
FULL_SIZE_ARCH=`winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command " "\"{0:N0}"\" -f ( (Get-ChildItem -Path '"$TDIR_ARCH"' -Recurse | Measure-Object -Property Length -Sum ).Sum / 1GB)"' |sed '/^\s*$/d'`
echo "Lotus User's ARCHIVE Folder SIZE in GB = $FULL_SIZE_ARCH" >> $TEMP_HOLDER

echo "----------------------------------------------
Lotus Users List whose inbox is exceeding 5 GB" >> $TEMP_HOLDER

#Only Top users exceeding 5GB
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'powershell.exe -inputformat none -command "Get-ChildItem -Path '"$TDIR"' | Where-Object {$_.length -gt 5GB} | Sort-Object -descending -Property Length | Format-Table Name,@{name='"'"'Size GB'"'"';expression={$_.length/1GB};FormatString='"'"'N1'"'"'}"' | sed -e "$DEL_LINE" | sed '/^\s*$/d' |nl >> $TEMP_HOLDER

echo "

$FOOTER" >> $TEMP_HOLDER
# Display result by cat
cat $TEMP_HOLDER
# Send email
sendemail -u "$MSG_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$TEMP_HOLDER -o message-content-type=text

Result of above script …

1.PNG


PowerShell Get Folder / File ACL list

Get-Acl c:\temp | select -Expand Access

Sample Result:


PS C:\> Get-Acl c:\temp | select -Expand Access
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : 268435456
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : Modify, Synchronize
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

FileSystemRights : -536805376
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : InheritOnly

PS C:\>


Regard’s
Syed Jahanzaib

February 16, 2017

Modifying ‘tombstoneLifetime’ value in Active Directory

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 9:40 AM

Default lifetime for tombstone.jpg


What is tombstone Lifetime?

The AD tombstone lifetime determines how long deleted items exist in AD before they are purged, for example users  or other objects. The default value in Windows 2008 is 180 Days.

Why I need to modify its default value,  ?

We want to increase it for some audit purpose, specially to track deleted objects (example how many Users were deleted in last 1 or 2 years)

Let’s Start …

METHOD # 1 – Using GUI Method

Execute ADSIEdit tool by

%SystemRoot%\system32\adsiedit.msc

  • Now using ADSIEdit tool, connect to your domain controller.
  • Navigate to CN=Directory Services , Right click and select Properties.
  • Find tombstoneLifetime and Click Edit,
  • Now define value in days for how long you want to increase the value. I wanted 2 years so I put 630 . This values must be in DAYS.

As showed in the image below …

tombstone.PNG

Note: By Some mistake, i typed 630, whereas the actual number for 2 years is 730, so change it accordingly


METHOD # 2 – Using PowerSHELL Command

Setting Two Years Tombstone Lifetime

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext" -Replace @{'tombstonelifetime'='730'}

Querying tombstoneLifetime value via command

 

# Using dsquery command

dsquery * " cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=agp1" -scope base -attr tombstonelifetime

[COMMAND RESULT OUTPUT]

tombstonelifetime
730

# Using POWERSHELL 

#1

(get-adobject “cn=Directory Service,cn=Windows NT,cn=Services,$(([adsi](“LDAP://RootDSE”)).configurationNamingContext)” -properties “tombstonelifetime”).tombstonelifetime

#2

Import-Module ActiveDirectory
$ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext
Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext” -properties tombstonelifetime |Format-List

Note / z@iB:

I found out that all commands doesn’t show default tombstoneLifetime. Once I modify the value, then I was able to see the value using above commands.

Regard’s
Syed Jahanzaib

February 15, 2017

Personnel Notes on Active Directory


ad

audit reporting in excel.PNG

Recently our IT dept was going through yearly Audit and we had to provide active directory details asked by the auditor team. I used few commands that saved lot of time to get our desired/trimmed results. and since I mostly use my Ubuntu box to manage large portion of my network, therefore i made few scripts using these commands to be executed from linux based pc.

I had to repeat the whole search criteria every time by refreshing the memory/google, and since it this is a repeating task , and I had to go through the search process every time, I thought to make all these documented so that I can retrieve them when required.

I also linked these scripts with the Linux base WEBMIN, so they can be called by GUI for support staff as well.


Most queries are executed from Linux base system using WINEXE, if you are using windows only then you may want to modify it as required, I am just showing an way of executing AD commands via powershell using *nix 🙂 . The most annoyed thing was to wrap the commands in single/double quotes along with other parameters to make it single liner execution bomb.

Some of following commands are wrapped for linux base execution, and some are common powershell commands, make sure to run import-module activedirectory command before querying AD instance]

Make sure to change the IP / credentials as required.




  • Command to Display Total Number Of Active Directory Users [Including disabled/enabled accounts as well]
(get-aduser -filter *).count
#OR
get-aduser -filter * | measure-object | select-object count
  • Command to Display Total Number Of Active Directory Users [Only ENABLED]
(get-aduser -filter *|where {$_.enabled -eq "True"}).count
#OR
get-aduser -filter 'enabled -eq $true' | measure-object | select-object count
  • Command to Display Total Number Of Active Directory Users [Only DISABLED]
(get-aduser -filter *|where {$_.enabled -ne "False"}).count
  • Command to Display All users along with every detail / information
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties *"'
  • Command to display only single user information as mentioned
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser ZAIB-USER-NAME -Properties *"'
  • Command to display only specific information
winexe -U DOMAIN/ADMIN%"PASSWORD" //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties * | select Name,UserPrincipalName,Enabled,LockedOut,Created,LastLogonDate"' 
  • Show Members from SPECIFIC GROUP group only
dsquery group -samid "Domain Admins" | dsget group -members | dsget user
  • Show specific user OU & MemberOf
$user = get-aduser USERNAME;
$memb = (GET-ADUSER –Identity USERNAME –Properties MemberOf | Select-Object MemberOf).MemberOf -replace "DC=DCNAME*" -replace "CN="
$uo = $user.distinguishedname.substring($user.distinguishedname.indexof(",") + 1,$user.distinguishedname.Length - $user.distinguishedname.indexof(",") - 1)
write-host "$($user.Name) = $($uo.split(',')[0])"
echo "Member of:" $memb
  • Command to get all users and show only following fields

UserPrincipalName,Created,Enabled,MemberOf

winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties * | select
UserPrincipalName,Created,Enabled,MemberOf |Format-Table -Property * -AutoSize | Out-String -Width 4096 | Out-File c:\1.txt"'
  • Query for speciifc User belongs to which groups
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; (GET-ADUSER –Identity zaib.user –Properties MemberOf |  Select-Object MemberOf).MemberOf"'
  • Get Members List of specific Group
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADGroupMember "'"'Domain Admins'"' |Select name,distinguishedName |  Format-Table -AutoSize"'
  • Show All Users Created Dated Only using PowerShell
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; Get-ADUser -Filter * -Properties Created | Select-Object Name,Created | Sort-Object Created"'
  • Show Users created in Last 30 days
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'powershell.exe -command "import-module activedirectory; $When = ((Get-Date).AddDays(-30)).Date; Get-ADUser -Filter {whenCreated -ge $When} -Properties whenCreated"'
  • Show Users created in specific after DATE RANGE
Get-ADUser -Filter * -properties whencreated | ? { $_.whenCreated -ge (get-date "January 1, 2017") -and  $_.whenCreated -le (get-date "January 31, 2017")} |Select Samaccountname,whenCreated,office 
  • Show Users created in specific after DATE RANGE
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory;Get-ADUser -Filter * -properties whencreated | ? { $_.whenCreated -ge (get-date "'"'January 1, 2017'"') -and $_.whenCreated -le (get-date "'"'January 31, 2017'"')} |Select Samaccountname,whenCreated,office"'
  • Show Users DELETED in specific DATA RANGE … [powershell commands]
[datetime]$StartTime = "1/1/2017"
[datetime]$EndTime = "1/15/2017"
Get-ADObject -Filter {(isdeleted -eq $true) -and (name -ne "Deleted Objects") -and (ObjectClass -eq "user")} -includeDeletedObjects -property whenChanged | Where-Object {$_.whenChanged -ge $StartTime -and $_.whenChanged -le $EndTime} |Select Name,whenChanged |Format-Table
  • Show DISABLED Users Only …
#Method 1 using PS
winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; search-adaccount -UsersOnly -AccountDisabled | select samAccountName"'
  • Show users who have not logged in Since 60 days

winexe -U DOMAIN/ID%PASS //10.0.0.1 'powershell.exe -command "import-module activedirectory; $domain = "DOMAIN-NAME"; $DaysInactive = 60; $time = (Get-Date).Adddays(-($DaysInactive)); Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp"'
# Method 3 using dsquery
dsquery user "dc=Your_Domain_Name" -inactive 2

  • Show DISABLED Users Only using DSQUERY
dsquery user -disabled | dsget user -display -email -dept -title
  • Show Only Specific User Details [ Method#2]
winexe -U DOMAIN/ID%PASSWORD //10.0.0.1 'Net user ZAIB /domain"'

  • Get DHCP info from server to acquire some customized report
# 10.0.0.1 IS DOMAIN
# 101.0.0.0 is our scope
winexe -U DC/ID%PASSWRORD //10.0.0.1 'netsh dhcp server scope 101.0.0.0 show clients 1'
  • Dump DHCP SERVER DETAILS IN FILE for some specific purpose, i required to get mobile devices list
# Dump DHCP
# 101.11.11.5 IS DOMAIN
# 101.11.14. IS MOBILE DEVICES IP SERIES, SO WE ARE CATCHING IT
# 101.11.11.36 IS GATEWAY
# 101.11.11.6 IS OTHER GATEWAY
winexe -U DC/ID%immi_ar0Z //101.11.11.5 'netsh dhcp server \\DCSERVERNAME dump' > /tmp/dhcp_temp.txt
cat /tmp/dhcp_temp.txt | grep 101.11.14. | awk '{ print $11,$12}' | sed -e 's/"101.11.11.6"//g' -e 's/"101.11.11.36"//g' -e 's/"//g' -e 's/ BOTH//g' | sed '/ \r/d' | sort
cat /tmp/dhcp_temp.txt | grep 101.11.14. | awk '{ print $11,$12}' | sed -e 's/"101.11.11.6"//g' -e 's/"101.11.11.36"//g' -e 's/"//g' -e 's/ BOTH//g' | sed '/ \r/d' | sort | wc -l


Regard’s
Syed Jahanzaib

February 13, 2017

Windows Event-Viewer Logging to MYSQL

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 2:10 PM

out-of-the-box

In our small office environment, we are using Windows 2008 R2 Active Directory for user management/authentication and control purpose. Dueto some standard operating procedure I was asked to log User Account Creation / Removal events in Linux base mySQL DB. Since windows doesn’t provide option to directly export event into linux base mysql, therefore I made an workaround for it using specific windows events tagged with task scheduler approach. Not to mention , this approach of using task scheduler with events is not a new thing, but it was definitely a bit confusing for a numbnuts like ME on how to acquire only the very specific fields trimmed according to our taste and get it logged in remote linux mysql db. but Alhamdulillah I managed to get it in few hours struggling.

z@iB

Items I used in this post are …

  • Windows 2008 R2 server with Active Directory
  • c:\temp folder to hold temporary information for the triggered event
  • e:\userlog\ folder to hold all logs
  • Event ID which will be logged in local log file and mySQL DB [as required] :

    4720

    New User Account Created

    4726

    User Account Deleted
  • Two batch files which will be executed when specific event will occur.
  • Mysql (I used mysql-5.7.17-winx64.zip) package to add entries in mySQL DB name events 

You can download mysql-5.7.17-winx64.zip from fmy Google Drive at

mysql-5.7.17-winx64 by Syed Jahanzaib


New Account Batch File for LOG [ac-new-log.bat]

@echo off
set MYSQL_HOST=10.0.0.1
set MYSQL_ID=your_mysqlid
set MYSQL_PASS=your_password
set MYSQL_DB=your_events
set MYSQL_TB=your_table
set ACTION=Account Created
set HOLDER=c:\temp\acnew-temp.txt
set LOGFILE=e:\userlog\users-created-log.log
type nul > %HOLDER%
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System/EventID=4720]" > %HOLDER%
for /f "tokens=4" %%a in ('type %HOLDER% ^| find /i "Account Name"') do set accname=%%a
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Event ID"') do set eventid=%%a
for /f "tokens=2" %%a in ('type %HOLDER% ^| find /i "Date"') do set dt=%%a
set HEADER=%eventid% : %accname% / %ACTION% @ ... %dt%
echo %HEADER%
echo %HEADER% >> %LOGFILE%
c:\mysql\bin\mysql -h %MYSQL_HOST% -u%MYSQL_ID% -p%MYSQL_PASS% -e "use %MYSQL_DB%; INSERT INTO %MYSQL_TB% (eventid,type,account,msg) VALUES ('%eventid%','%ACTION
%','%accname%','%HEADER%');" 

Account Delete Batch File for LOG [ac-del-log.bat]

@echo off
set MYSQL_HOST=10.0.0.1
set MYSQL_ID=MY_ID
set MYSQL_PASS=MY_PASS
set MYSQL_DB=DB
set MYSQL_TB=TABLE
set ACTION=Account Deleted
set HOLDER=c:\temp\acdel-temp.txt
set LOGFILE=e:\userlog\users-deleted-log.log
type nul > %HOLDER%
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System/EventID=4726]" > %HOLDER%
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Account Name"') do set accname=%%a
for /f "tokens=3" %%a in ('type %HOLDER% ^| find /i "Event ID"') do set eventid=%%a
for /f "tokens=2" %%a in ('type %HOLDER% ^| find /i "Date"') do set dt=%%a
set HEADER=%eventid% : %accname% / %ACTION% @ ... %dt%
echo %HEADER%
echo %HEADER% >> %LOGFILE%
c:\mysql\bin\mysql -h %MYSQL_HOST% -u%MYSQL_ID% -p%MYSQL_PASS% -e "use %MYSQL_DB%; INSERT INTO %MYSQL_TB% (eventid,type,account,msg) VALUES ('%eventid%','%ACTION%','%accname%','%HEADER%');" 

Attaching Batch files with Specific Event ID

On Domain Controller, open event viewer, goto 4720 event, right click and select ‘Attach Task to This Event‘ and in trigger select your batch file. (for account creation)

As showed in the image below

1- accoutn creation - attach batch file via event viewer.png

1.5 - triggers.PNG

2- trigger action.PNG

Repeat same for event id 4726.

Ok to finish it.


Creating DB in mySQL

Now create a new DB with required name and tables in mySQL …

One example is as follows.

mydb.sql


;-- MySQL dump 10.13 Distrib 5.5.54, for debian-linux-gnu (i686)
--
-- Host: localhost Database: events
-- ------------------------------------------------------
-- Server version 5.5.54-0ubuntu0.12.04.1

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `mymaindb`
--

DROP TABLE IF EXISTS `mymaindb`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `mymaindb` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`datetime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`eventid` varchar(40) DEFAULT NULL,
`type` varchar(255) NOT NULL,
`account` varchar(255) NOT NULL,
`msg` varchar(10000) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=462 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `mymaindb`
--

LOCK TABLES `mymaindb` WRITE;
/*!40000 ALTER TABLE `mymaindb` DISABLE KEYS */;
INSERT INTO `mymaindb` VALUES (459,'2017-02-13 08:39:45','4720','Account Created','testing.act','4720 : testing.act / Account Created @ ... 2017-02-13T12:02:05.777'),(461,'2017-02-13 08:49:46','4726','Account Deleted','testing.act','4726 : testing.act / Account Deleted @ ... 2017-02-13T12:02:38.521');
/*!40000 ALTER TABLE `mymaindb` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2017-02-13 14:47:11

to import above DB , use following command …

mysql -uroot -pROOTPASS < mydb.sql

Script Result in CMD:

Now try to create/delete a user account in active directory, and you will see the result in mysql db.

I recommend to debug first, to make sure things are working ok, execute the bat file manually to see the results

ac-new-log.bat

script result.PNG

.

Script Result in mySQL DB :

[all above fuss was made just to acquire only specific data trimmed as per out taste, and get it logged in in remote linux mySQL otherwise task was very easy in general]

phpmyadmin snapshot

php-result

mysql cmd line snapshot


mysql> select * from MY_DB;
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
| id | datetime | eventid | type | account | msg |
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
| 459 | 2017-02-13 13:39:45 | 4720 | Account Created | testing.act | 4720 : testing.act / Account Created @ ... 2017-02-13 13:39:45 |
| 461 | 2017-02-13 13:49:46 | 4726 | Account Deleted | testing.act | 4726 : testing.act / Account Deleted @ ... 2017-02-13 13:39:45 |
+-----+---------------------+---------+-----------------+-------------+--------------------------------------------------------------------+
2 rows in set (0.00 sec)


This is a itty-bitty example only, on how you can build your own customized solution using out of the box approach !

Syed Jahanzaib

February 8, 2017

Windows 7 Error: 0x800704cf / Unable to Access remote network shared resources

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 2:10 PM

windows-cannot-access-shared-folder

fotolia_3115040_m_tile

Windows cannot access \\testpc
Error Code: 0x800704cf

If your system is a workstation joined with local domain controller and you are getting above (same) error while trying to access ANY shared resource/system on the network, then you may try following fix. This error gave me straight 1 hour headache, so I really don’t want anyone else to bang their head on the wall for the same.

Fix >     :~)

  • Open (Currently active) Network Adapter properties,
  • UNCHECK the ‘Client for microsoft Networks‘  / OK
  • Open Regedit, & Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters”
  • Create a new key with following parameters

Type: DWORD Value
Name: SMBDeviceEnabled
Data: 1

  • Once Done, Restart your computer, & MAKE SURE TO ENABLE THE ‘CLIENT FOR MICROSOFT NETWORK’ in the adapter settings.

Now check and hopefully you will be able to access the shared resources without any error.

TIP/Additional Commands

  • ipconfig /flushdns
  • nbtstat -RR
  • netsh int ip reset
  • netsh winsock reset

Regard’s
Syed Jahanzaib

January 28, 2017

Acquiring Cisco Switch Customized Report via Sms/Email

Filed under: Cisco Related — Syed Jahanzaib / Pinochio~:) @ 10:02 AM

img_20170127_163525339


Scenario:

We have few Cisco switches installed in our network. the OP wants to receive specific switch report via email, by sending SMS to the system (on demand or scheduled), and the system should return the detailed report by email with following details ….

The Task is quite simple, and surely it can be done with more better approach or professional coding, but this is just mine exploration which is working fine for my static requirements. We can add about any other information in the script, as per required.


Requirements for report:

  • The report should be customized according to the OP taste. For this purpose we made an script which does the following
  • Check if IP is missing, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if IP is invalid, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if IP is not accessible by ping, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if SNMP UDP port 161 is not accessible by nmap, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Check if remote device is not a Cisco switch, exit with error, and return error by email to Admin, otherwise Continue to Next Step…
  • Automatically check for all available ports like 24/28/48/52 etc,
  • Check Switch Mode/Type/Firmware/CPU Usage/Switch Uptime/Vlan Count etc
  • Check all Ports Up/Down Status / Port Speed / Last Status Change etc
  • Script start/end Time stamp.

Tools Used in this post … [Extra]

  • Kannel/playsms for receiving SMS and execute the script which will in return sends response by email (or sms) [ I have covered kannel and playSMS in my previous guides at my blog]
  • nmap to query remote device SNMP UDP 161 port [you can use some other methods as well]
  • sendEmail tool to send email [you can use some other methods as well]
    • [ I have covered sendEmail tool usage in my previous guide at my blog]

zaiB!


the Script!


#!/bin/sh
# Script to detect Cisco switch Port status / speed / Description with various checks
# Useful for admins who want to query there switch information by SMS ,
# like we can configure this script to be executed from incoming SMS (using playSMS) and send result by email
# Syed Jahanziab
# http:// aacable . wordpress . com / aacable @ hotmail . com

# to debug script , remove # from following line
#set -x

# Color Codes, we can use these codes to color our black world output
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"

# Hostname and other Variables
# Take ip from command line variable
IP="$1"
# Switch SNMP community string
SNMP_STRING="PUBLIC"
HOSTNAME=`hostname`
COMPANY="zaib (Pvt) Ltd."
FOOTER="Powered By Syed.Jahanzaib"
DATE=`date`

# EMAIL RELATED and KANNEL INFO
# for down status, we have to use GMAIL to send email
KANNELURL="127.0.0.1:13013"
KANNELID="kannel"
KANNELPASS="KANNEL_PASS"
CELL1="03333021909"
CELL2="0333XXXXXX"
# GMAIL Section
GMAILID="YOUR_GMAIL_ID@gmail.com"
GMAILPASS="PASS"
ADMINMAIL1="aacableAThotmailDOTcom"
ADMINMAIL2="XXX_XXX@hotmail.com"

#Email Subject Body etc
EMAIL_SUB="INFO: Switch IP $IP - Report @ $DATE"
EMAIL_BODY="/tmp/$ip.email.txt"
echo "
$IP SWITCH QUERY Starts @ $DATE

"

echo "
$IP SWITCH QUERY Starts @ $DATE

" > $EMAIL_BODY
############ DIFFERENT ERROR's VARIABLES ###########
ERR_NOIP="ERROR: Please provide IP of switch

Eaxmple:
portquery 192.168.155.255"

ERR_INVALID_IP="ERROR: Invalid IP address detected. Please provide valid IP of switch

Eaxmple:
portquery 192.168.155.255"

ERR_PING_FAILED="ERROR: Switch IP $IP PING is DOWN ... cannot proceed further... Wziring"
ERR_SNMP="ERROR: Switch IP $IP SNMP not responding. Cannot continue without it... Exiting"
ERR_NO_CISCO="ERROR: $IP - Remote device type doesn't look like CISCO switch... Exiting"

PORTS_TMP_HOLDER="/tmp/$IP.port.numbers"
PORTS_TMP_HOLDER_FINAL="$IP.port.numbers.final"

# If IP is not provided with variable , give error
if [ -z "$IP" ]; then
echo "$ERR_NOIP"
# Send Email reply to Admin for IP not provided error
echo "$ERR_NOIP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check for IP addrrss validity, IP must be in format like `port query10.0.0.1`
if expr "$IP" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
echo "IP OK" > /dev/null
else
echo "$ERR_INVALID_IP"
# Send Email reply to Admin for invalid IP
echo "$ERR_INVALID_IP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check if REMOTE DEVICE is accessibel or not, if not then EXIT immediately with error / zaib
#if [[ $(ping -q -c 3 P) == @(*100% packet loss*) ]]; then
PING_LOSS=`ping -c 1 -q $IP | grep -oP '\d+(?=% packet loss)'`
if [ "$PING_LOSS" = "100" ]; then
echo "$ERR_PING_FAILED"
# Send Email reply to Admin for IP not responding
echo "$ERR_PING_FAILED" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Check if SNMP port is responding or not, because we require SNMP to query all results
SNMP_PORT_QUERY=`nmap -sU -p 161 $IP | grep open`
if [ -z "$SNMP_PORT_QUERY" ]; then
echo "$ERR_SNMP"
# Send Email reply to Admin for SNMP not responding
echo "$ERR_SNMP" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Determine device OS type, if it doesnt contains 'Cisco IOS' word, then exit
DETECT_SW_OS=`snmpwalk -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.1.1 | grep -R "Cisco IOS"`
if [ -z "$DETECT_SW_OS" ]; then
echo "$ERR_NO_CISCO"
echo "$ERR_NO_CISCO" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL2 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
exit 1
fi

# Switch name variable / mib etc
MIB="/cfg/mibs/HOST-RESOURCES-MIB"
SW_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.1.5.0`
SW_MODEL=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.47.1.1.1.1.13.1001`
SW_FW=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.1.1.0 | sed -n '1p'`
SW_CPU_USAGE=`snmpwalk -Oqvn -v1 -c $SNMP_STRING $IP 1.3.6.1.4.1.9.2.1.56.0`
SW_UPTIME=`snmpwalk -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.1.3.0 | sed 's:.*)::'`
SW_VLAN_COUNT=`snmpwalk -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.47.1.2.1.1.2 | wc -l`
# Query Port number after trimming and store in file, it will be used for port counting and switch media type as well / zaib
snmpwalk -v1 -c gt $IP .1.3.6.1.2.1.2.2.1.2 | sed '/Stack\|Vlan\|Null/d' > $PORTS_TMP_HOLDER

# Count total ports in switch
PORT_COUNT=`cat $PORTS_TMP_HOLDER | wc -l`

# Query Switch type like if its megabit or gigabit, we will do it using FAST word, pretty lame but its working good for me / zaib
SW_TYPE_Q=`cat $PORTS_TMP_HOLDER | grep Fast`
if [ -z "$SW_TYPE_Q" ]; then

###########################################################
# Consider Switch as GIGAbit and do actions based upon it #
###########################################################

# Print
INFO_HEADER="Switch Model: $SW_MODEL
Switch Name: $SW_NAME
Switch type: GIGABIT Model
Switch Fw : $SW_FW
Switch Uptime: $SW_UPTIME
Switch CPU Usage: $SW_CPU_USAGE
Switch VLAN Numbers: $SW_VLAN_COUNT

Ports Status :
"
echo "$INFO_HEADER"

# Add text for Email Body
echo "$INFO_HEADER" >> $EMAIL_BODY

# Some junk maths
cat $PORTS_TMP_HOLDER | grep -o -P '.{0,0}101.{0,2}' | sed 's/101//' > $PORTS_TMP_HOLDER_FINAL
cat $PORTS_TMP_HOLDER_FINAL | while read ports
do
num=$[$num+1]
PORT_N=`echo $ports`
PORT_DESC_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.101$PORT_N | tr -d '"' | grep -E "[[:alnum:]]"`
SW_PORT_LAST_ST_CHANGE=`snmpwalk -On -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.2.2.1.9.101$PORT_N | sed 's:.*)::'`
if [ "$PORT_DESC_Q" = "" ]; then
PORT_DESC="n/a"
else
PORT_DESC="$PORT_DESC_Q"
fi
PORT_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.2.2.1.8.101$PORT_N`
if [ "$PORT_Q" -eq 1 ]; then
PORT_STATUS="UP"
else
PORT_STATUS="DOWN"
fi
if [ "$PORT_STATUS" = "DOWN" ]; then
PORT_SPEED="n/a"
else
PORT_SPEED_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.2.2.1.5.101$PORT_N`
PORT_SPEED=`echo $(($PORT_SPEED_Q/1000/1000)) mbps`
fi
PORT_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.101$PORT_N`

# Finally Spit out all the info gaterhed by above junk code 😀 / zaib
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE"
#echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE" >> $EMAIL_BODY
done

###########################################################
# Consider Switch as Megabit and do actions based upon it #
###########################################################
else
#Print
INFO_HEADER="Switch Model: $SW_MODEL
Switch Name: $SW_NAME
Switch type: MEGABIT Model
Switch Fw : $SW_FW
Switch Uptime: $SW_UPTIME
Switch CPU Usage: $SW_CPU_USAGE
Switch VLAN Numbers: $SW_VLAN_COUNT

Ports Status :
"
echo "$INFO_HEADER"
# Add text for Email Body
echo "$INFO_HEADER" >> $EMAIL_BODY

cat $PORTS_TMP_HOLDER | grep -o -P '.{0,0}100.{0,2}' | sed 's/100//' > $PORTS_TMP_HOLDER_FINAL
cat $PORTS_TMP_HOLDER_FINAL | while read ports
do
num=$[$num+1]
PORT_N=`echo $ports`
PORT_DESC_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.100$PORT_N | tr -d '"' | grep -E "[[:alnum:]]"`
SW_PORT_LAST_ST_CHANGE=`snmpwalk -On -v1 -c $SNMP_STRING $IP .1.3.6.1.2.1.2.2.1.9.100$PORT_N | sed 's:.*)::'`
if [ "$PORT_DESC_Q" = "" ]; then
PORT_DESC="n/a"
else
PORT_DESC="$PORT_DESC_Q"
fi
PORT_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.2.2.1.8.100$PORT_N`
if [ "$PORT_Q" -eq 1 ]; then
PORT_STATUS="UP"
PORT_SPEED_Q=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP iso.3.6.1.2.1.2.2.1.5.100$PORT_N`
PORT_SPEED=`echo $(($PORT_SPEED_Q/1000/1000)) mbps`
else
PORT_STATUS="DOWN"
PORT_SPEED="n/a"
PORT_NAME=`snmpwalk -Oqv -v1 -c $SNMP_STRING $IP 1.3.6.1.2.1.31.1.1.1.18.100$PORT_N`
fi
# Finally Spit out all the info gaterhed by above junk code 😀 / zaib
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE"
echo "PORT_Number: $PORT_N / Status: $PORT_STATUS / Name: $PORT_DESC / Speed: $PORT_SPEED / Port_Last_Status_Change = $SW_PORT_LAST_ST_CHANGE" >> $EMAIL_BODY
done
fi
# Send the result via EMAIL to admin emails as mentioned in start.
# Add footer
DATE=`date`
echo "
Switch Query Ends Here at $DATE

$COMPANY
$FOOTER"
echo "
Switch Query Ends Here at $DATE

$COMPANY
$FOOTER" >> $EMAIL_BODY
/temp/sendEmail-v1.56/sendEmail -u "$EMAIL_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$EMAIL_BODY -o message-content-type=text
#cat $MSGDOWNHOLDER | curl "http://$KANNELURL/cgi-bin/sendsms?username=$KANNELID&password=$KANNELPASS&to=$CELL1" -G --data-urlencode text@-

# Script Ends here #

 


Result/Report Sample:

Result via Email:

1- sw-report.PNG


Result in CMD:


#### root@ubuntu:/temp# ./portquery.sh 192.168.255.254

192.168.255.254 SWITCH QUERY Starts @ Sat Jan 28 00:49:07 PKT 2017
Switch Model: "WS-C3750G-24PS-S"
Switch Name: "X-switch"
Switch type: GIGABIT Model
Switch Fw : "Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Switch Uptime: 13 days, 17:24:37.14
Switch CPU Usage: 6
Switch VLAN Numbers: 57

Ports Status :

PORT_Number: 01 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:19.59
PORT_Number: 02 / Status: DOWN / Name: ServerX / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 03 / Status: UP / Name: Server4 / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:45.26
PORT_Number: 04 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:44.53
PORT_Number: 05 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:16.08
PORT_Number: 06 / Status: UP / Name: n/a / Speed: 1000 mbps / Port_Last_Status_Change = 7 days, 23:46:42.48
PORT_Number: 07 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 08 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 09 / Status: DOWN / Name: vlanX / Speed: n/a / Port_Last_Status_Change = 0:01:13.07
PORT_Number: 10 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 13 days, 1:53:58.05
PORT_Number: 11 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 12 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 13 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 14 / Status: DOWN / Name: test-trunk-XX-new / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 15 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 16 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 17 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 18 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 19 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 20 / Status: UP / Name: XXX_gb_media_test / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:16.09
PORT_Number: 21 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 22 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 23 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:13.08
PORT_Number: 24 / Status: DOWN / Name: up_2_jr_sw / Speed: n/a / Port_Last_Status_Change = 0:01:11.68
PORT_Number: 25 / Status: UP / Name: up-2-XXX / Speed: 1000 mbps / Port_Last_Status_Change = 0:01:18.92
PORT_Number: 26 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:11.71
PORT_Number: 27 / Status: DOWN / Name: n/a / Speed: n/a / Port_Last_Status_Change = 0:01:11.72
PORT_Number: 28 / Status: UP / Name: XXX-SWX by FC / Speed: 1000 mbps / Port_Last_Status_Change = 12 days, 10:12:00.62

Switch Query Ends Here at Sat Jan 28 00:49:22 PKT 2017

zaib (Pvt) Ltd.
Powered By Syed.Jahanzaib
Jan 28 00:49:26 ubuntu sendEmail[16553]: Email was sent successfully!


playSMS COMMAND sample config [for incoming sms action]

playsms command.PNG

playSMS log when incoming message with specific keyword ‘switch x.x.x.x’ is received

127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L2 kannel__call # start load:/var/www/playsms/plugin/gateway/kannel/geturl.php
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L3 kannel__incoming # remote_addr:127.0.0.1 remote_host:localhost t:[2017-01-28 03:11:27] q:[+923333021909] a:[switch X.X.X.X] Q:[13013] smsc:[] smsc:[]
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L3 recvsms # isrecvsmsd:1 dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
127.0.0.1 localhost 2017-01-28 01:11:32 PID588ba9743d5c2 - L2 kannel__call # end load geturl
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 recvsmsd # id:261 dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 recvsms_process # dt:2017-01-28 03:11:27 sender:+923333021909 m:switch X.X.X.X receiver:13013 smsc:
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 gateway_decide_smsc # SMSC supplied:[] configured:[] decided smsc:[]
- - 2017-01-28 01:11:32 PID58798d2cbeb7d - L3 sms__command # command_exec:/var/lib/playsms/sms_command/1/portquery.sh 'X.X.X.X'
- - 2017-01-28 01:11:58 PID58798d2cbeb7d - L3 recvsms_process # feature:sms_command datetime:2017-01-28 03:11:27 sender:+923333021909 receiver:13013 keyword:SWITCH message:X.X.X.X raw:switch X.X.X.X smsc:

once the sms is received the playsms will execute the script, and will reply back by email or sms OR according to the configuration set in the script.


Regard’s

Syed Jahanzaib

January 26, 2017

Check remote windows logged-in user/lock status via BASH

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:42 AM

locked

Scenario:

We have Active Directory environment in our office. Clients OS are mixed starting from windows 2000/2003/2008 and Win7.
For some specific reasons/policy, our helpdesk staff is often required to inquire if the employee is working on his workstation or if his/her windows status is locked.

Solution:

Since I am using my Ubuntu box to manage most of the Active Directory functions using Webmin/BASH scripts, therefore I made a small bash script which queries for remote windows logged in user session and windows locked/unlocked status.

The bash script does the following …

  • Check for remote PC PING Status, if ping fails, exit with error
  • Get remote windows IP via NSLOOKUP using local DNS
  • Current Logged-in user and their status
  • Current status of windows either its locked/unlocked.
  • TRIM the results and display according to our taste

the Script!

> root@linux:/temp# cat winuserstatus.sh

#!/bin/bash
# Script to check remote windwos status, like Loggedin + Windows Lock/Unlock status
# More functions can be added/removed as required.
# I attached this script to webmin for our Support dept.
# Syed Jahanzaib / aacable.wordpress.com / aacable @ hotmail . com
# Created: 25-JAN-2017

# set -x
QUSER_HOLDER="/tmp/$1.quser"
LOCK_HOLDER="/tmp/$1.lockstatus"
REMOTE_PC="$1"
PING_ATEMPTS="1"
PING_STATUS="/tmp/$1.ping.status"
LOCAL_DNS_IP="10.0.0.1"

# Domain credentials details so that winexe can execute commands on all domain clients
DOMAIN="domain.local"
DOMAIN_ADMIN="admin"
ADMIN_PASS="password"

# Empty All Holders
> $QUSER_HOLDER
> $LOCK_HOLDER
> $PING_STATUS

# Check if remote PC is accessibel or not,
## IF PING FAILS then inform accordingly and EXIT
ping -q -c $PING_ATEMPTS $REMOTE_PC &>/dev/null > $PING_STATUS
PING_RESULT=`cat $PING_STATUS`
if [ "$PING_RESULT" = "" ]; then
echo "ERROR: Unknown HOST. Exiting"
exit 1
fi

# Print PC NAME (from $1 variable)
echo "
Remote PC = $1"

# Print IP of remote PC via nslookp using local DNS
echo "IP Details =
`nslookup $1 | grep Address | sed /$LOCAL_DNS_IP/d`"

# If ping failed, then print Error and EXIT
if [[ $(ping -q -c $PING_ATEMPTS $REMOTE_PC) == @(*100% packet loss*) ]]; then
echo "$1 not responding to ping request, probably system is not UP"
exit 1
fi

# Query remote windows Logged in user using Linux WINEXE tool
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "quser" > $QUSER_HOLDER
QUSER_RESULT=`cat $QUSER_HOLDER |grep Active`
if [ "$QUSER_RESULT" = "" ]; then
echo "
User Status = No user is active"
else
echo "
User Status = Logged in User found ... details as below ...
$QUSER_RESULT
"
fi

# Query remote windows TASK list to find if windows is locked/unlocked
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "tasklist" > $LOCK_HOLDER
LOCK_RESULT=`cat $LOCK_HOLDER |grep -E "LogonUI.exe|logon.scr"`
if [ "$LOCK_RESULT" = "" ]; then
echo "
Windows Status = Windows is UN-LOCKED!"
else
echo "
Windows Status = Windows is LOCKED"
fi

# Script function ends here
# Thank you


Result:

When User is logged in and windows is LOCKED!

root@linux:/temp# /temp/winuserstatus.sh WORKSTAION-1

Remote PC = WORKSTAION-1
IP Details =
Address: 10.0.0.20
Address: 10.0.0.21

User Status = Logged in User found ... details as below ...
jahan.zaib console 13 Active 1+00:53 1/23/2017 1:57 PM
Windows Status = Windows is LOCKED

When User is logged in and windows is UN-LOCKED!

root@linux:/temp# /temp/winuserstatus.sh WORKSTAION-1

Remote PC = WORKSTAION-1
IP Details =
Address: 10.0.0.21
Address: 10.0.0.20

User Status = Logged in User found ... details as below ...
jahan.zaib console 13 Active 1+00:53 1/23/2017 1:57 PM
Windows Status = Windows is UN-LOCKED!

When User is NOT logged in and windows is LOCKED as well !


root@linux:/temp# /temp/winuserstatus.sh SERVER-2

Remote PC = SERVER-2
IP Details =
Address: 101.11.11.2
No User exists for *

User Status = No user is active

Windows Status = Windows is LOCKED

Regard’s
Syed Jahanzaib

January 19, 2017

Windows Users Centralized Logging with AD & GPO

Filed under: Microsoft Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 7:12 PM

Disclaimer:
This is a reference post for myself, to recall it later when i need it.
There are tons of tools/apps that can automate such tasks, But being lazy/blockhead or fond of fetching result using out of the box approach, I usually try to select method that works for me and which seems easy to me plus with some learning. You may follow the internet to get more elegant / less complicated solution. Read it just to add ideas on how dumb-heads like me doing there work in other dimension approach , lean so that you may enhance it or at least not follow it for many reasons ;). This was a drafted version, later I modified this task for more presentable formatting. Windows batch file is far behind in advance coding as compare to bash, but we understand the limitation dueo to Microsoft platform.

I used WINTAIL to view real time logging of the specific system. we can modify the scripting to any level we want it to be. example we can log this info at our linux based mysql server, email the event, etc etc 😀

Sky is the only limit !

Zaib!


Scenario#1:

We have a domain environment in our office. At one windows 7 workstation, we have some important application installed which is access by specific users Remote (RDP and Dameware remote app) session & dueto some specific issues, the management wanted to store its full logs for following events only …

  1. When user login to the workstation
  2. When user logoff from the workstation
  3. When workstation gets LOCK dueto inactive session (after 5 minutes)
  4. When user connect to any previous session, either local or by remote
  5. When user re-login to the system (unlock)

Following information should be recorded in simple log file at remote server. there must be 2 log file for each user, one for the USER ID , and second for the COMPUTER NAME, so that we can view which users logged in to the PC, or which ID is used to loggedin to the PC. i am unable to explain right now, but later.

  1. Event Type: LOGIN OR LOGOFF
  2. RDP Client IP: If the user is logged in via RDP, his ip should be logged
  3. DAMEWARE IP: If the user is logged in using DAMEWARE remote app, his IP should be logged, it will be triggered by Event ID 1102
  4. Remote Client PC DNS Name: Remote client windows DNS name should be logged
  5. Username: Domain User ID which is being used to logging to the workstation
  6. Computername: name of workstation on which user is logging to
  7. Date / Time

 


Solution:

Since we are using Active Directory, We can use Login/Logoff script using DOMAIN Group Policy. What we will do is to create a new TASK scheduler entry via GPO to trigger task on specific actions like login/logoff/lock/unlock etc.

Requirements:

  • grep
    [Linux tool for windows version, copy its files in shared folder like \\DC1\TOOLS]
  • sed
    [Linux tool for windows version, copy its files in shared folder like \\DC1\TOOLS]
  • login-log.cmd
    This file will add login entry in user/computer log file [Copy it to DC SYSVOL Folder]
  • logoff.cmd
    This file will add logoff entry in user/computer log file [Copy it to DC SYSVOL Folder]
  • lock-log.cmd
    This will log unlock log in user/computer log file [Copy it to DC SYSVOL Folder]
  • Some addition in group policy to add task triggering via GPO

Download grep/sed and place all contents  to some shared location which all user can access example DC1\tools

Create another folder name DC1\userlogs which users can only write in it, but they should not able to browse in it.

Now create files for different tasks


login-log.cmd

@echo off
rem Script to add LOGIN log to our log server
rem *** by Syed Jahanzaib aacable@hotmail.com ***
cls
rem Create Backup folder if not exists already
set TEMPLOC="C:\BACKUP"
if not exist "%TEMPLOC%" mkdir %TEMPLOC%
set LOGLOCAL="%TEMPLOC%\LOCAL.LOG"
set LOGSERVER="\\DC1\userlog\%USERNAME%.log"
set LOGSERVER2="\\DC1\userlog\%COMPUTERNAME%.log"
set IPFILE="%TEMPLOC%\IP.TXT"
set COMPFILE="%TEMPLOC%\COMPNAME.TXT"
set IPADD=
set DAMWIP=
set DAMWIPFILE="%TEMPLOC%\damwipfile.txt"
set COMPNAME=
del %IPFILE% 2> nul
del %COMPFILE% 2> nul
taskkill /F /IM nslookup.exe 2> nul


::# Get IP Address
for /f "skip=1 tokens=2 delims=[]" %%* in (
'ping.exe -n 1 %Computername%') Do (set "LOCALIP=%%*" & goto:exitFor1)
:exitFor1

netstat -na | find "3389" | find "ESTABLISHED" | \\DC1\tools\awk "{print $3}" | \\DC1\tools\sed s/:.*// > %IPFILE%
set /p IPADD=<%IPFILE%
IF "%IPADD%"=="" (
set IPADD=x
)


set "filter=c:\backup/ip.txt"
for %%A in (%filter%) do if %%~zA==0 goto :skipname

nslookup %IPADD% | \\DC1\tools\sed -n "4p" | \\DC1\tools\awk "{print $2}" > %COMPFILE%
set /p COMPNAME=<%COMPFILE%

:skipname
netstat -na | find "6129" | find "ESTABLISHED" | \\DC1\tools\sed -n "2p" | \\DC1\tools\awk "{print $3}" | \\DC1\tools\sed s/:.*// > %DAMWIPFILE%
set /p DAMWIP=<%DAMWIPFILE%
rem echo %DAMWIP%
set "filter=%DAMWIPFILE%"
rem for %%A in (%filter%) do if %%~zA==0 echo no damw
REM goto :skipdamw

IF "%DAMWIP%"=="127.0.0.1" (
set DAMWIP=x
)

IF "%DAMWIP%"=="" (
goto :nodamw
)

:skipdamw
if "%DAMWIP%"=="x" goto :1
nslookup %DAMWIP% | \\DC1\tools\sed -n "4p" | \\DC1\tools\awk "{print $2}" > c:\backup\damwip.txt
set /p COMPNAME=<c:\backup\damwip.txt
goto :skip
:1
if "%IPADD%"=="x" goto :cond
goto :skip
:cond
set IPADD=LOCAL-LOGIN


:nodamw
set DAMWIP=x
:skip

if "%COMPNAME%"=="" set COMPNAME=LOCAL-LOGIN
echo --------------------------------- >> %LOGSERVER%
echo --------------------------------- >> %LOGSERVER2%
ECHO LOGIN >> %LOGSERVER%
ECHO LOGIN >> %LOGSERVER2%
echo RDP Client IP: %IPADD% - / DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% 
echo Login User: %USERNAME% / To: %COMPUTERNAME% / Local IP: %LOCALIP% / %DATE% %TIME% 

echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER%

echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER2%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER2%

echo --------------------------------- >> %LOGSERVER%
echo --------------------------------- >> %LOGSERVER2%
echo --------------------------------- >> %LOGLOCAL%
ECHO LOGIN >> %LOGLOCAL%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGLOCAL%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGLOCAL%

echo --------------------------------- >> %LOGLOCAL%

lock-login.cmd


@echo off
cls
rem *** Script to add workstation is locked entry in log file ***
rem *** Syed Jahanzaib aacable@hotmail.com ***
rem Create Backup folder if not exists already
set TEMPLOC="C:\BACKUP"
if not exist "%TEMPLOC%" mkdir %TEMPLOC%
set LOGLOCAL="%TEMPLOC%\LOCAL.LOG"
set LOGSERVER="\\DC1\userlog\%USERNAME%.log"
set LOGSERVER2="\\DC1\userlog\%COMPUTERNAME%.log"
set IPFILE="%TEMPLOC%\IP.TXT"
set COMPFILE="%TEMPLOC%\COMPNAME.TXT"
set IPADD=
set DAMWIP=
set DAMWIPFILE="%TEMPLOC%\damwipfile.txt"
set COMPNAME=
del %IPFILE% 2> nul
del %COMPFILE% 2> nul
taskkill /F /IM nslookup.exe 2> nul
::# Get IP Address
for /f "skip=1 tokens=2 delims=[]" %%* in (
'ping.exe -n 1 %Computername%') Do (set "LOCALIP=%%*" & goto:exitFor1)
:exitFor1

netstat -na | find "3389" | find "ESTABLISHED" | \\DC1\tools\awk "{print $3}" | \\DC1\tools\sed s/:.*// > %IPFILE%
set /p IPADD=<%IPFILE%
IF "%IPADD%"=="" (
set IPADD=x
)
set "filter=c:\backup/ip.txt"
for %%A in (%filter%) do if %%~zA==0 goto :skipname

nslookup %IPADD% | \\DC1\tools\sed -n "4p" | \\DC1\tools\awk "{print $2}" > %COMPFILE%
set /p COMPNAME=<%COMPFILE%

:skipname
netstat -na | find "6129" | find "ESTABLISHED" | \\DC1\tools\sed -n "2p" | \\DC1\tools\awk "{print $3}" | \\DC1\tools\sed s/:.*// > %DAMWIPFILE%
set /p DAMWIP=<%DAMWIPFILE%
rem echo %DAMWIP%
set "filter=%DAMWIPFILE%"
rem for %%A in (%filter%) do if %%~zA==0 echo no damw
REM goto :skipdamw

IF "%DAMWIP%"=="127.0.0.1" (
set DAMWIP=x
)

IF "%DAMWIP%"=="" (
goto :nodamw
)

:skipdamw
if "%DAMWIP%"=="x" goto :1
nslookup %DAMWIP% | \\DC1\tools\sed -n "4p" | \\DC1\tools\awk "{print $2}" > c:\backup\damwip.txt
set /p COMPNAME=<c:\backup\damwip.txt
goto :skip
:1
if "%IPADD%"=="x" goto :cond
goto :skip
:cond
set IPADD=LOCAL-LOGIN
:nodamw
set DAMWIP=x
:skip

if "%COMPNAME%"=="" set COMPNAME=LOCAL-LOGIN
echo --------------------------------- >> %LOGSERVER%
echo --------------------------------- >> %LOGSERVER2%
ECHO LOCKED >> %LOGSERVER%
ECHO LOCKED >> %LOGSERVER2%
echo RDP Client IP: %IPADD% - / DW IP: %DAMWIP% / Remote Client PC: %COMPNAME%
echo Login User: %USERNAME% / To: %COMPUTERNAME% / Local IP: %LOCALIP% / %DATE% %TIME%

echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER%

echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER2%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER2%

echo --------------------------------- >> %LOGSERVER%

REM --- LOCAL LOG FILE
echo --------------------------------- >> %LOGLOCAL%
ECHO LOCK >> %LOGLOCAL%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGLOCAL%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGLOCAL%

echo --------------------------------- >> %LOGLOCAL%


LOGOFF.CMD

@echo off
echo LOGOFF -- Username: %USERNAME% / PC_name: %COMPUTERNAME% / Local_ip: %LOCALIP% / Rdp_client: %CLIENTNAME% / %DATE% %TIME% >> \\DC1\userlog\%USERNAME%.log
echo LOGOFF -- Username: %USERNAME% / PC_name: %COMPUTERNAME% / Local_ip: %LOCALIP% / Rdp_client: %CLIENTNAME% / %DATE% %TIME% >> \\DC1\userlog\%COMPUTERNAME%.log

 


RELOGIN-LOG.CMD

@echo off
rem *** Script to add log of session continue / relogin ***
rem *** Syed Jahanzaib aacable@hotmail.com ***
rem schtasks /delete /tn "Update LOGIN - LOG to Server" /f
cls
rem test file for computer name
rem Create Backup folder if not exists already
set TEMPLOC="C:\BACKUP"
if not exist "%TEMPLOC%" mkdir %TEMPLOC%
set LOGSERVER=
set LOGTOSERVERBYCOMPNAME=
set LOGSERVER="\\DC1\userlog\%USERNAME%.log"
set LOGTOSERVERBYCOMPNAME="\\DC1\userlog\%COMPUTERNAME%.log"
set LOGLOCAL="%TEMPLOC%\LOCAL.LOG"
set IPFILE="%TEMPLOC%\IP.TXT"
set COMPFILE="%TEMPLOC%\COMPNAME.TXT"
set IPADD=
set DAMWIP=
set DAMWIPFILE="%TEMPLOC%\damwipfile.txt"
set COMPNAME=
del %IPFILE% 2> nul
del %COMPFILE% 2> nul
taskkill /F /IM nslookup.exe 2> nul
::# Get IP Address
for /f "skip=1 tokens=2 delims=[]" %%* in (
'ping.exe -n 1 %Computername%') Do (set "LOCALIP=%%*" & goto:exitFor1)
:exitFor1

netstat -na | find "3389" | find "ESTABLISHED" | \\DC1\tools\awk "{print $3}" | \\DC1\tools\sed s/:.*// > %IPFILE%
set /p IPADD= %COMPFILE%
set /p COMPNAME= %DAMWIPFILE%
set /p DAMWIP= c:\backup\damwip.txt
set /p COMPNAME=> %LOGSERVER%
echo --------------------------------- >> %LOGTOSERVERBYCOMPNAME%
ECHO SESSION-CONTINUED >> %LOGSERVER%
ECHO SESSION-CONTINUED >> %LOGTOSERVERBYCOMPNAME%
echo RDP Client IP: %IPADD% - / DW IP: %DAMWIP% / Remote Client PC: %COMPNAME%
echo Login User: %USERNAME% / To: %COMPUTERNAME% / Local IP: %LOCALIP% / %DATE% %TIME%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGTOSERVERBYCOMPNAME%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGTOSERVERBYCOMPNAME%
echo --------------------------------- >> %LOGSERVER%
echo --------------------------------- >> %LOGTOSERVERBYCOMPNAME%

REM --- LOCAL LOG FILE
echo --------------------------------- >> %LOGLOCAL%
ECHO S-RELOGIN >> %LOGLOCAL%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGLOCAL%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGLOCAL%

echo --------------------------------- >> %LOGLOCAL%


Windows Task Scheduler Configuration via GPO

 

1-task-scheudler

2-update-re-login

3-trigger

4-action

for login entries, I used startup script like welcome.vbs

welcome.vbs


' Domain Users Welcome Logon script / syed jahanzaib
dim objShell, objNetwork
set objShell = WScript.CreateObject("WScript.Shell")
set objNetwork = WScript.CreateObject("WScript.Network")
' let's display a welcome message
dim strDomain, strUser
strDomain = objNetwork.UserDomain
strUser = objNetwork.UserName
msgbox "Welcome to AGP (Pvt) Ltd. " & strUser & "!"
' msgbox "Welcome to the " & strDomain & ", " & strUser & "!"
' Syed jahanzaib


Result:

Now you can open the log file at log server, or local pc as well.

---------------------------------
---------------------------------
LOGOFF -- user1.id USER1_PC Mon 01/23/2017 17:03:34.68
---------------------------------
---------------------------------
LOGIN
RDP Client IP: LOCAL-LOGIN - DW IP: x / Remote Client PC: LOCAL-LOGIN
Username - user1.id / Computer - USER1_PC / Tue 01/24/2017 8:31:15.80
---------------------------------
---------------------------------
LOCKED
RDP Client IP: LOCAL-LOGIN - DW IP: x / Remote Client PC: LOCAL-LOGIN
Username - user1.id / Computer - USER1_PC / Tue 01/24/2017 9:33:30.06
---------------------------------
---------------------------------
SESSION-CONTINUED
RDP Client IP: LOCAL-LOGIN - DW IP: x / Remote Client PC: LOCAL-LOGIN
Username - user1.id / Computer - USER1_PC / Tue 01/24/2017 9:36:22.70
---------------------------------
---------------------------------
LOCKED
RDP Client IP: LOCAL-LOGIN - DW IP: x / Remote Client PC: LOCAL-LOGIN
Username - user1.id / Computer - USER1_PC / Tue 01/24/2017 9:36:30.19
---------------------------------
---------------------------------
SESSION-CONTINUED
RDP Client IP: LOCAL-LOGIN - DW IP: x / Remote Client PC: LOCAL-LOGIN
Username - user1.id / Computer - USER1_PC / Tue 01/24/2017 9:49:58.99
---------------------------------

Uuserlog Folder Permission

At remote log server, you can set permission of userlog folder so that user can only write in it, but not explore it.

permission


blah blah blah

Syed.Jahanzaib

January 6, 2017

Gathering Stats from remote Windows via Linux Shell

Filed under: Linux Related, Uncategorized — Tags: , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 2:43 PM

Reference Post:

Following are few simple methods to query information for various instances like remote windows service status , performance monitor instance result with trimming , , execute commands on remote windows box , all being done from our beloved Linux boX 😉

I must admit that even after spending years in this field, I still feel myself very doodle, blockhead & light brain in almost every topic or subject I get confronted with ! STML plays an important role in my Deficiency  ‘_’    – 😉

ots1087__97717-1410905363-1280-1280


Executing command on remote windows server, and get its result in output

$WINEXE --user=$DOMAIN/$ADMINID%$ADMINPASS //$SERVERIP "C:\TEMP\COMMAND.EXE -syntax-if-any"

Note: above command requires WINEXE tool (Linux tools to execute command on remote windows)

Querying Remote Windows Performance Monitor Instances

Example, we have Forefront TMG 2010 and we want to see its Cache Hit % from our linux box shell, so we can use following command (It was real hard to escape nested double quotes :O )

This is very very useful command and it took few hours for me to trim the required result for plotting graph.

winexe -U domain/admin%"password" //MYSERVER 'typeperf -sc 1 -si 1 "\\MYSERVER\Forefront TMG Web Proxy\Cache Hit Ratio (%)"'

and with bash script I used it like

root@linux:/temp# cat tmg-cachehit.sh

#!/bin/bash
# Script to query TMG cache HIT after trimming
#set -x
IP="10.0.0.1"
DOMAIN="MYDOMIN"
ID="ADMIN"
PASS="PASSWORD"
TMP_HOLDER="/tmp/$IP.cache.hit.txt"
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'typeperf -sc 1 -si 1 "\\101.11.11.6\Forefront TMG Web Proxy\Cache Hit Ratio (%)"' > $TMP_HOLDER
RESULT=`cat $TMP_HOLDER | sed -n 3p | awk '{print $2}' | cut -d "," -f 2 | tr -d '"' | cut -f1 -d"."`
echo $RESULT
echo $RESULT

Result:

tmg-cache-hit


Check remote windows service status

Example if we want to query service status result of Lotus domino mail server  from our linux box …

root@linux:/temp# net rpc service status "Lotus Domino Server (DLotusDominodata)" -I 10.0.0.1 --user=DOMAIN/ADMINID%PASSWORD

RESULT:

Lotus Domino Server (DLotusDominodata) service is running.
Configuration details:
Controls Accepted = 0x5
Service Type = 0x110
Start Type = 0x2
Error Control = 0x0
Tag ID = 0x0
Executable Path = "X:\Lotus\nservice.exe" "=X:\Lotus\notes.ini" "-jc" "-c"
Load Order Group =
Dependencies = /
Start Name = LocalSystem
Display Name = Lotus Domino Server (DLotusDominodata)

Allah Shuker


I used all above commands in various script for alerts and mrtg graphing. you can use it to fulfill any customized requirements.

Regard’s
Syed Jahanzaib

Older Posts »

Create a free website or blog at WordPress.com.

%d bloggers like this: