Passwords, Passwords, and more Passwords. Let’s generate a 16 character password that is complex and random that you will have to save into your password manager because you will never remember it.
Lets break it down and then make a function for easier use. We are going to use the concept of PEMDAS. For this breakdown.
Get-Random -Minimum 32 -Maximum 126
This gives us a random number between 32 and 126. Why is this important. The next part is why. We are grabbing a character of X, [char](x), These are considered password-safe characters of the ASCII set.
1..16 | foreach-object {SomeCode}
This part repeats everything in the “some code” area 16 times. So we are grabbing 16 chars. Each loop occurs separately. This creates 16 characters that take up a different line on the shell prompt each time it runs. That’s where the next part comes into play.
[string]::Join("", array )
This part of the script is a string function that joins each part of the array together. Notice the “” part. This adds items inside the array. So if you want the password to have 7 every join, then place “7” here.
Now when you combine all this together. We create an array of random password-safe characters and join them all together. With their powers combined, we have a potential password.
Here we added a count, so we can make more than one and choose from it. By default, we are setting them to 16 and to 1. This way we have a 16 character password that is done only once.
That’s all folks, let me know if you have any questions or corrections.
One of the things I love to do is add a Dad joke to my reports. Reddit has some good ones. What’s cool about Reddit is they have a JSON backend that can be used and Used I do.
This script is super simple. We are using a rest method to grab the JSON information. Wrapping it in a function with a write-host. Nothing more simple.
The first part is the dad jokes themselves. We are grabbing the top jokes on the subreddit. We use the Invoke-RestMethod because we are grabbing that JSON.
The next line grabs a random Joke from the list. The $DadJoke.Data.Children are an array. We are grabbing a random index from the array where the minimum is 0. The maximum is the number of arrays minus one. We do a minus one because everything starts at 0.
Finally, we write-host out the information. Notice once again, we use the $() structure. This way we can grab the subarrays of each item and displays the information accordingly.
A very simple breakdown of the function, and I hope you all enjoyed it.
My last weekly challenge to myself was to deploy google chrome with Powershell. This one was the hardest because it was hard to find the latest and greatest MSI 64 bit of google chrome. The coding wasn’t too hard after that. How google chrome works, follows suit the same way as firefox did.
We first start off getting the latest enterprise edition of google chrome. This is the 64-bit version thus the most stable version on them all. This is the version I would install everywhere in a company if I had a choice.
That’s it. Very simple very straightforward. If you need to uninstall before installing (My testing was a success with overlapping the installers) then you can do the following before Installing google chrome:
Need to deploy the latest version of firefox to 1000 machines, Here is a little powerhouse script that can do just that. It’s similar to my last script (Gimp) as it downloads directly from the web. This time we don’t have to parse out a website since Modzilla has it laid out before us.
The source is awesome. We are downloading directly from the site with their latest 64-bit product. This time we are going with the temporary file and then downloading the file with invoke-webrequest. Then we start the process of installing it with the /s flag which means silent. Since we are coming from the temp folder I threw in the runas flag to run it as the system. This way it installs for all users. Next, we set the wait flag to install the system. From everything I have read, we don’t need to uninstall the previous version to install the newest version. We do however have to stop the process that’s why we have a get process and stop process above. Finally, we remove the installer. That’s it. A lot simpler than Gimp.
The first thing we do is set up the path we want to make. Then we test to see if the path exists. If they don’t, we make them. I’m using temp in this cause because I will be deploying this to 2000+ machines. We will remove the installer afterward. I want the Temp folder to existing afterward for future deployments.
Next, we grab the URL we want to work with This is the gimp’s official download portal. This portal is by default Oldest to newest when you pull from it using Powershell.
Then we use the Invoke-webrequest to grab the website as we did in a previous post. From there we grab all of the links. In this case, since it’s a repo, they are all download links except for 2. We only want the exes of the list, so we use a where-object to find those. Then we select the last 1 as it is the newest version.
Now we need to build our URL and our Path. This is some string controls. Notice the $($Something.Something) in this code. When you deal with an array in a string and want to grab a sub item, you need to call it out with the $().
Now we want to uninstall the pervious version of Gimp. Since gimp doesn’t show up in the win32_products, we go to it manually in the file system. Newer gimps host themselves inside the program files > gimp 2. So we search to see if that folder exists with a test-path. If it does, we then check to see if gimp is running. Then kill it with fire… ok, not fire, but force. Gimp is awesome about putting an uninstaller inside the file system. So we will use that. It’s located in the Gimp 2 > Uninst > Unins000.exe. Which can be triggered with a /verysilent parameter to keep it quiet. We do this with a start process and we use a flag -wait to wait on it to uninstall.
Then we start the install of the new gimp with the start-process again. We use the Download Name we made eailer with an argument list of /verysilent /norestart /allusers and a -wait.
In this article, I will guide you through the process of deploying webroot via Group Policy. This is a fairly straightforward process with only a little editing of the MSI. I am assuming you know how to download the MSI from the webroot portal. The portal changes often, so, I will leave this part out. If you are ready, throw on your group policy pins, and let’s get started.
Super Orca
The first thing you will need is the Super Orca. You can download it here, link. Once you get super orca installed, we will be able to download and set up the webroot MSI.
Open Super Orca
Open the Webroot MSI.
Click the Property On the left (Red Block).
Click GUILIC (Green Block)
Enter the Key Number
Click File
Click Save As
Save as a different name. ALWAYS KEEP THE ORIGINAL!
Shared Folder
Now you have the MSI ready. You need to place it into a shared folder location. This location has to be accessible to every computer in the company as a minimum of read-only. Make sure the share is shared! I can’t tell you how many times I made this mistake. If it’s shared, good, make sure some of the clients can reach it.
Group Policy
Now we have the MSI ready to go. It’s time for the group policy. It’s a very simple computer policy. In my experience, a lot of IT managers don’t want AVs on servers. So, this tutorial will include a wmi filter. Let’s get to it.
Open Group Policy.
Create a new policy and name it Workstation Webroot Deployment
Enter: select * from win32_operatingsystem where producttype = 1
The numbers mean:
Workstation
Domain Controller
Server
Click Ok
Under the WMI Filter Select the WMI Object.
All that is left is linking the GPO. Now you can link it wherever you want. Most orgs have an OU just for workstations and one for servers just for this case. It doesn’t matter where you link it the WMI filter will ignore servers and only hit the workstations.
As always, if you have questions, feel free to ask. If you ever see anything that is wrong, feel free to reach out and correct me. Thank you for reading.
