Installing And Using Samba Shares On Linux

To install samba capabilities on your Linx box, run the following commands:

sudo apt-get install samba samba-common-bin

This will run off an install process, note that it may ask you if you’re sure about installing this, press y to accept and continue.

Now edit the samba configuration file using:

sudo nano /etc/samba/smb.conf

Go all the way to the end of the file and add the following lines…

  • [share]
  • comment=Pi Share
  • path= DIRECTORY LOCATION e.g. /mnt/library
  • browseable = yes
  • writeable = yes
  • only guest = no
  • create mask = 0777
  • public = no
  • guest ok = no

 

At this point your may need to restart the smb service using the following command:

sudo service smbd restart

You may need to know the IP address of the Linux share in order to access it, you can do this by using “ifconfig” and looking for something along the lines of “192.168…” on the eth0 interface”

To access the share using the Windows and R key to bring up the run dialog box and type in the IP address of the Linux box or its hostname. It would now ask you for credentials, here you should use your regular Linux credentials.

You can see this below:

Credentials Prompt

Once it has accepted my credentials I get the following:

Samba Share

Hopefully, you get the same as I did, if not then leave a comment. Enjoy!

 

Better Credentials Checking in PowerShell

This is something that I have recently created so that when a script asks for a credentials and there is an error, it doesn’t display a big, ugly and often intimidating error message for any poor soul trying to run my scripts.

That’s why I have recently (as in yesterday) “created” a “fool proof” way of entering and validating credentials against a domain.

This was a problem because whenever someone ran my script and did ANYTHING other than enter perfectly correct credentials, it would throw and error and exit the script. Or even carry on with the script WITHOUT THE CREDENTIALS, which obviously wouldn’t work. I know, I know. Amateur hour! But it was a crap system I must admit.

That’d why I spent and hour or so creating this beauty! It captures any errors, such as null credentials and incorrect credentials and only continues if a user exists with the same samaccountname as the one entered at the credentials prompt and if the user is in the domain admins group. Just for added “security”. Really I just want the appropriate people to be using the script.

This is the code I use!

#PROMPTING FOR CREDENTIALS
$cred = $host.UI.PromptForCredential("Need credentials", "Please enter your username and password.", "", "")
if ($cred -ne $null -and $cred -ne ''){
 #CHECKING IF THE CREDENTIAL USERNAME EXISTS
 $check = $(try {Get-ADUser -Identity $cred.UserName} catch {$null})

  if ($check -ne $null){
  #GETTING CREDENTIAL USERNAME GROUPMEMBERSHIP
  $checkadmin = Get-ADPrincipalGroupMembership -Identity $cred.UserName
  $checkadminrefined = $checkadmin.SamAccountName
  #PUTTING GROUP MEMBERSHIP INTO AN ARRAY
  $array = $checkadminrefined
  #CHECKING IF USER GROUP LIST CONTAINS DOMAIN ADMINS
  if ($array -contains "Domain Admins"){
   Write-Host "Credentials are GOOD! - Continuing with script" -ForegroundColor Green
   Start-Sleep -Seconds 1
  }else{
   #RESULT IF USER IS NOT DOMAIN ADMINS
   Clear-Host
   Write-Host "Credentials are not a domain admin! - Close and start again" -ForegroundColor Red ;
   $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
   Exit
  }
 }else{
  #RESULT IF NO USER CAN BE FOUND FROM CREDENTIAL USERNAME
  Clear-Host
  Write-Host "Check is empty - No user found matching credentials supplied! - Close and start again" -ForegroundColor Red
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  Exit
 }
}else{
 #RESULT IF PROMPT IS CLOSED / NO CREDENTIALS SUPPLIED
 Clear-Host
 write-host "No credentials supplied - Close and start again" -ForegroundColor Red
 $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
 Exit
}

You should be able to read the script and see which each part does. I left comments in the script which I don’t normally do since it might be easier for you to see what its doing with pointers at each stage.

Enjoy!

Securely Installing and Using FTP on Linux

First, install VSFTP (Very Secure File Transfer Protocol) using the following command:

sudo apt-get install vsftpd

Now edit the vsftpd.conf file to perfect the setup of VSFTP

open the file using:

sudo nano /etc/vsftpd.conf

You should be shown something similar to below:

vsftpd.conf

Make the following changes to the configuration file…

  • anonymous_enable=NO
  • local_enable=YES
  • write_enable=YES
  • chroot_local_users=YES

now add the following lines to the bottom of the file…

  • force_dot_files=YES
  • allow_writable_chroot=YES

 

Now restart the vsftpd service using:

sudo service vsftpd restart

You should now be able to connect to you Linux box using a program such as FileZilla using your username and password. You may need to get the IP address of your Linux box before you know where to connect to. So on your Linux use the command:

ifconfig

to know where to connect to.

You will notice that you cant move out of your home directory. I have this setup fo security reasons but if you wish to remove this then simply comment out the chroot_local_users part of the vsftpd.conf file.

I will be showing in a future blog how to upload files to external drives whilst chrooted in your home directory. Chrooted helps with security as it means that even if someone gets your username and password, they still cant browse the entire system.

Enjoy!

Create, Store & Use Encrypted Passwords With PowerShell

This is just a neat little “tactic” I use when I need to connect to the same machine over and over again but don’t want to drive myself insane with having to constantly enter the same username and password. For example, when testing a script.

First you need to enter your password, in plain text, into this script so that it can get the password. This a perfectly safe as it will only be at this point where the password is in plain text.

$password = "PUT PASSWORD HERE" | ConvertTo-SecureString -AsPlainText -Force

This gets the password that you just entered and encrypts it and also puts it into the variable “password”

Now you need to convert the password to an encrypted string of characters using the below command:

$Password2 = $password | ConvertFrom-SecureString | Out-File "PATH TO TEXT FILE TO STORE PASSWORD"

This puts the encrypted password into the text file for later use.

Now, whenever you need to connect to a machine, you can put this into a variable along with the username. Then put them together into a credential and away you go:

$Username = "DOMAIN\username"

$EcryptedPassword = Get-Content "LOCATION TO TEXT FILE" | ConvertTo-SecureString

$Credential = New-Object System.Management.Automation.PSCredential($Username, $EncryptedPassword)

This builds the credential which you can now use with something similar to below:

Invoke-Command -Credential $Credential -ScriptBlock {echo "test"} -ComputerName "COMPNAME" -Authentication CredCSSP

Enjoy!

Resetting pwdLastReset Attribute in Active Directory

This sort of thing is useful if you have a bunch of users that have passwords which are set to not expired, but then you decide that they do need to expire. But if you simply untick the “Password doesn’t expired” attribute then it will instantly make them change their password because the “pwdLastSet” date will be from when the user was first set-up.

This trick will set the “pwdLastSet” date to today so that they have some warning before being told to reset their password.

First of all, make sure that you have “Advanced Features” turned on from the “View” menu.

Now find the user that you want to reset the value for and edit their properties. Navigate to the “Attribute Editor” tab and scroll down until you see the “pwdLastSet” attribute.

Edit the value to be “0“, this means that the value has never been set. See screenshot below.

Changed to 0

Now click okay on all of the boxes until the users properties window has closed. Now reopen the users window, go back to the attributes editor and change pwdLastSet to “-1. See screenshot below:

Changed to -1

Now press okay to all the boxes until the users properties window has closed. Now when you check for the pwdLastSet attribute it will be set to the current date.

Hope this helped you, enjoy!

Windows Favourites Folder Spelt “Favorites”

Something a little off topic today. Windows naming is weird… that’s it. I found this when trying to run a RoboCopy script to back-up my favourites “Internet Explorer” (Award winning, grama nominated, amazing browser).

This is what my script for RoboCopy used to look like:

robocopy C:\Users\harwoodm\Favourites d:\robocopy\Favourites /MIR /R:1 /W:5 /FFT /LOG:"C:\users\harwoodm\robocopy logs\favourites.txt" /TEE /NP /NFL /NDL

I was getting Error 2, path not found.

Little did I know that, even though in the Explorer it’s spelt “Favourites” the path has it as “Favorites”

EVIDENCE!!!

Favorites

Does this make any sense to you, doesn’t to me…

Anway, hope this helped. Enjoy!

More Auto-Loading, Custom PowerShell Scripts

In this update, you’ll see how I added two or three new scripts to the environment and also changed how most of the scripts work.

One new script that I add was a script that would take CSV data and add the users to a group in Active Directory. You can see this below:

function Get-CSVAddToGroup{
 <#
 .SYNOPSIS
 This function allows you to add usernames from a CSV to a specified Active Directory group.
 It needs confirmation for each addition to a group.

 .EXAMPLE
 Get-CheckCSVAddToGroup -Groupname "all rossendale staff" -path c:\testing\test.csv

 #>
 [cmdletbinding()]
 param(
 [parameter(Mandatory=$true)]
 [string]$groupname,

 [parameter(mandatory=$true)]
 [string]$path
 )

 $csvformembership = Import-Csv -Path $path

 foreach ($b in $csvformembership){
  $name = $b.user
  Add-ADGroupMember -Identity "$groupname" -Members $name -Confirm
 }
}

Another script I added was my script for sending messages to remote computers on the network. You can see this below:

function Send-Message{

 function send-messagewithname{
  $name = Read-Host "Enter a name"
  $msg = Read-Host "enter a message"
  $adcompstocheck = Get-ADComputer -LDAPFilter "(name=$name)" -Properties name

  if ($adcompstocheck -eq $null){
   Write-Host "$name doesn't exist!"
   pause
  }else{
   Invoke-WmiMethod -Path win32_process -Name create -ArgumentList "msg * $msg" -ComputerName "$name"
  }
 }

 function send-messagewithip{
  $ip = Read-Host "enter an IP"
  $msg = Read-Host "enter a message"
  $adcompstocheckip = Get-ADComputer -Filter * -Properties ipv4address, name | select ipv4address
  if ($adcompstocheckip -eq $null){
   write-host "$ip doesn't exist"
   pause
  }else{
   Invoke-WmiMethod -Path win32_process -Name create -ArgumentList "msg * $msg" -ComputerName "$ip"
  }
 }

 do {$nameorip = Read-Host "Do you want to use IP or Name (I or N)?"} while (("i","n") -notcontains $nameorip)
 if ($nameorip -eq "n"){
  send-messagewithname
 }else {
  send-messagewithip
 }
}

Finally, my last script that was added to my custom PowerShell environment allowed me to list all the computers on the network with a specific operating system. For example “2012” or “Professional”. The code for this is below:

function list-OSVersonComputers{
 <#
 .SYNOPSIS
 This function allows you to list all of the computers with the requested OS version.

 .EXAMPLE
 List-OSVersionComputers -OSVersion 2012

 .EXAMPLE
 List-OSVersionComputers -OSVersion standard
 #>
 [cmdletbinding()]
  param(
  [parameter(mandatory=$true)]
  [string]$OSVersion
 )

 $OSVersion2 = '*' + ($OSVersion) + '*'

 Get-ADComputer -Filter {OperatingSystem -like $OSVersion2} -Property * | Format-Table name,operatingsystem,lastlogondate -Wrap -AutoSize
}

I also added help menus to most of my scripts to make them more professional.

My Custom, Auto-Loading PowerShell Scripts

Wanted to add onto a post I made about 10 days ago about creating a custom PowerShell environment. I currently have 3 custom commands for user management, 2 custom commands for group management and 1 command to list these (and the “homepage”) for my PowerShell prompt. So for my first example below, in the custom PowerShell prompt I would use “list-users”.

Users

I suppose I will kick off an just start with my custom commands for user management. By the way, if you didn’t know the name of the function in the PowerShell custom command is the actual commandlet you use in the custom PowerShell prompt.

First of all, I wanted a simple and quick way of getting the all users that are enabled and sorting them, then outputting them to the OGV. The following is what I used:

function list-users{
 Get-ADUser -Filter {enabled -eq $true} | sort | select name, samaccountname | ogv
}

Nice and simple, right…?

Next, I wanted to get the actual location within Active Directory as to where the user account is stored. I also wanted to be able to use a username or a full name in order to search for this information. You can see my code below:

function list-userlocation{

 function list-useragainstusername{
  $username = Read-Host "Input a username"

  $checkingAD = Get-ADUser -LDAPFilter "(samaccountname=$username)"
  if ($checkingAD -eq $null){
   Write-Host "$username does not exist!"
   pause
  }else{Get-ADUser -Identity $username | select distinguishedname }
 }

 function list-useragainstfullname{
  $fullname = read-host "input a full name"
  $checkingAD = get-aduser -ldapfilter  "(name=$fullname)"
  if ($checkingad -eq $null){
   write-host "$fullname does not exist!"
   pause
  }else{get-aduser -ldapfilter "(name=$fullname)" | select Distinguishedname}
 }

 do {$selection = read-host "check against full name or username (F or U)?"} while (("f","u") -notcontains $selection)
 if ($selection -eq "f"){
  list-useragainstfullname
 }elseif ($selection -eq "u"){
  list-useragainstusername
 }
}

Just in case you want to know, the output for the above command will look something like this “CN=NAME,OU=First OU,OU=Second OU,DC=sanderson,DC=lan”.

Finally, I have a command which allows me to get the the group membership of a user and then output that to a file. I have also made this one so that I can use the full name of a user as well as their username.

function list-usermembership{

 function list-usermembershipfromusername{
  $username = read-host "Input a username"

  $checkingAD = Get-ADUser -LDAPFilter "(samaccountname=$username)"
  if ($checkingAD -eq $null){
   Write-Host "$username does not exist!"
   pause
  }else{
   Write-Host "File with membership has been output to the desktop"
   Get-ADPrincipalGroupMembership $username | sort | select name | Out-File -FilePath  "c:\users\YOU!\desktop\$username Group Membership List.txt" -Append
  }
 }

 function list-usermembershipfromfullname{
  $fullname = Read-Host "Input a fullname"

  $checkingAD = Get-ADUser -LDAPFilter "(name=$fullname)"
  if ($checkingAD -eq $null){
   write-host "$fullname does not exist!"
   pause
  }else{
   $fullnameresolved = Get-ADUser -LDAPFilter "(name=$fullname)";
   $filename = $fullnameresolved.SamAccountName;
   Get-ADPrincipalGroupMembership -Identity $fullnameresolved | sort | select name | Out-File "c:\users\YOU!\desktop\$filename Group Membership List.txt" -Append;
   Write-Host "file with membership has been output to the desktop"
  }
 }

 do {$selection = Read-Host "Do you want to use fullnames or usernames? (F or U)"} while (("F","u") -notcontains $selection)
 if($selection -eq "f"){
  list-usermembershipfromfullname
 }elseif ($selection -eq "u"){
  list-usermembershipfromusername
 }else {}

}

Again, just in case you wanted to know, this outputs to a text document that will roughly ressemble the following:

name

—–

Group #1

Group #2

This allows me to quickly see if multiple users are part of a group and also to get a reference of group membership before disabling a user and removing them from all of their groups.

Groups

Lets move onto group management automation. This area is a little less sparse because, well… in my experience atleast, users are dumber than groups.

Again, a very simple one to start off with. This one simply lists all of the groups on the domain, selects certain attributes of the groups, sorts them and then ouputs them to OGV.

Below is the code for that:

function list-groups{

 Get-ADGroup -Filter * | select distinguishedname, name | sort | ogv

}

As I said, the group side of things is a little sparse. As in I only have two custom commands for them.

My other custom command for Active Directory groups collects me the membership information for that group. Like the users, I also make sure that my input matches a group within AD. Below is my code:

function list-groupmembership{
 $groupname = Read-Host "What group do you want to check?"

 $adlistforgroupcheck = Get-ADGroup -LDAPFilter "(name=$groupname)"

 if ($adlistforgroupcheck -eq $null){
  Write-Host "$groupname does not exist"
  pause
 }else {
  Get-ADGroupMember -Identity $groupname | select name, samaccountname | sort name | ogv
 }
}

Re-Displaying the Custom Commands

Now, an issue I ran into when I added these to my PowerShell environment was that when I had ran a command, or used clear-host or something along those lines. It meant that I could no longer see my custom commands, making them useless since I couldn’t remember what I had called the bloody things 🙂

That’s why I create a new command that would imitate what the prompt looks like when I first load it up. You can see my code below:

function list-customcommands{

 write-host @"
Custom PowerShell Environment Loaded
Go to '$profile' for config changes
go to 'documents\windowspowershell\scripts\autoload to add new scripts'

List of commands:             |
USERS                    |   GROUPS
List-users | ogv            |   list-groups | ogv
list-usermembership | file to desktop     |   list-groupmembership | ogv
list-userlocation            |
|
"@

}

Bit of a long post I know, but necessary background on some examples for custom PowerShell environments and Active Directory automation.

Enjoy!

Custom PowerShell Environment and Modules

To add custom PowerShell modules to your PowerShell environment, you first need to find out where you PowerShell profile is. You can do this by typing in:

$profile

into a PowerShell prompt. It should look like the following:

$profile

Now we need to test if the path actually exists. To do this type:

Test-Path $profile

If the prompt returns $true, your good. If it returns $false then you will need to run the following command:

New-Item -Path $profile -Itemtype file -Force

Now that is done we should be able to open the file in notepad. You can either browse to it following the path in $profile or type in:

notepad $profile

This should open a blank text file:

$profile empty

In here is where you specify PowerShell to look for custom modules and can even add text to the PowerShell prompt. For example, if I had the following to the notepad, it will also be displayed when I open a new PowerShell window:

custom $profile (write-host)

But we can also use this to load custom functions into our PowerShell environment. To do this, got to the $profile location, here you should find a folder called “Scripts”

Scripts folder

Go into the folder and create a new folder, mine is called “autoload”

autoload

Here is where you create your custom functions/ scripts. For example, here is what I have:

list-example

where each file contains a single function.

Now that were done with the easy part. You want to go back into your $profile notepad and add the following in order for PowerShell to load your customer functions:

$psdir="C:\users\YOU!\documents\windowspowershell\scripts\YOURSCRIPTFILENAME"

get-childitem "${psdir}\*.ps1" | %{.$_}

You can see from my file. I have multiple files to make for easier sorting of my functions. I also have a custom start screen to list all of my current commands so that I don’t forget them. You can see that below:

$profile example

Just so that you can see, this is what my PowerShell prompts look like:

My prompt

For a list on verbs and commands that you can use, visit the Microsoft website and forums. You DON’T want to use verbs or commands that are used else where or that have a unique purpose. Choose verbs that are different. Good luck. Enjoy!