by David | Sep 29, 2020 | Help Desk, Information Technology, PowerShell
We have multiple locations with backup hosted sites. These sites are designed to allow the end-user to access the information they need when the network is down. They are set up with a local database and some basic asp.net coding. However, the devices that communicate with the site must be able to go between multiple locations. This means no hard-coded links as the hosting device has a different name at each location. DNS might not be available as well. The chaos this brings! There is a solution though. Here are the requirements for the solution we created.
- The hosting server can be a different name, but the IP address must end in the same number. In our example, it is .5
- The IP address must be a /24 subnet.
- The /site.html must be the same across the board.
- For example, the site can be http://10.10.1.5/thissite.html at one location and be http://10.10.13.5/thissite.html at another.
lets look at the powershell script really quickly and break it down.
The Script
$IPaddress = (Get-NetIPConfiguration -Detailed | Where-Object {$null -ne $_.IPv4DefaultGateway})[0].ipv4address.ipaddress
Start-Process -FilePath 'C:\Program Files\Internet Explorer\iexplore.exe' -ArgumentList "https://$($IPaddress.split('.')[0]).$($IPaddress.split('.')[1]).$($IPaddress.split('.')[2]).5/login.aspx"
What we are doing with this script is grabbing a detailed report on all the network IP configurations on the local computer. By default, an active network will have a default gateway assigned to it. This can be statically assigned or it can be automatically assigned. Either way, it goes, it’s assigned.
To narrow down the results we use a where-object command to compare null to the IPv4DefaultGateway. If it is null, we don’t want it. If it isn’t, then we want it. After that, we ask for the first result using the [0]. Most companies use the first network as the main network and the second network as a backup. That’s what we do at our company. Also most of the time the second network is a wifi network.
Next, we Ask for the IPv4Address and ask for just the IP address with .IPv4Address.IpAddress. Once we have all that information, we place it into a variable.
Now it’s time to start IE. You can set the browser to whatever program you like, but for now, we are still using IE for grandpa’s coded sites. We do this using the Start-Process command. We tell start-process the file path. This is where you can set google chrome, a 64 bit, edge, etc… It doesn’t matter what the browser is, as long as you point to one.
The Argument List is an important factor here. We give the site information here. We start off with our “https:// Then we do magic. We $($IP.address.split(‘.’)[0]. The act of using two $ is very important inside a double-quoted string. The reason why is we are stating everything inside $() is it’s own thing. We can run different commands inside $() and the output will output at that point in the string. Thus we are breaking the IP address string down by the . and finding each array point. Then after we create that point, we finish it off with a . and start our next $(). We do this until we reach our last octet. Which will be whatever the default IP address is. Finally finishing off with the site name. In this example, login.aspx. Below is the start process part of the command. Take a close look at the argument list. Assume the IP address is 10.10.1.15. This would start a site looking at “https://10.10.1.5/login.aspx”.
Start-Process -FilePath 'C:\Program Files\Internet Explorer\iexplore.exe' -ArgumentList "https://$($IPaddress.split('.')[0]).$($IPaddress.split('.')[1]).$($IPaddress.split('.')[2]).5/login.aspx"
The final step is to set your lnk to open the PowerShell script with a -bypass flag. This way it will execute. Some companies do not allow PowerShell to execute. In that case, this script does not help. You can however use the match version of this script found below.
@echo off
for /f "usebackq tokens=2 delims=:" %%f in (`ipconfig ^| findstr /c:"IPv4 Address"`) do set "ip=%%f"
for /f "tokens=1-4 delims=. " %%a in ("%ip%") do (
set octetA=%%a
set octetB=%%b
set octetC=%%c
set octetD=%%d
)
start "CMD" /D "C:\Windows\System32\" /max "C:\Program Files\Internet Explorer\iexplore.exe" "https://%octetA%.%octetB%.%octetC%.5/login.aspx"
exit
Conclusion
The final idea is to have the link to point to an organic system that can read the current IP structure and point the link to the correct page. This will allow that single roaming device to find those local sites quickly assuming you have a pre-planned infrastructure in place.
by David | Sep 21, 2020 | Information Technology, PowerShell
The PSBoundParameter is an amazing tool that will clear your mind of worries about non-mandatory parameter sets. In my Super Help Desk module I use the credential flag. Inside this flag, I tell the system to use the credentials provided or the currently running credentials.
I do this by testing the $PSBoundParameter.ContainsKey(‘Credential’). What this basically does is test the bounded parameters coming in to see if it contains a keyword. In this case I’m looking for Credential.
if ($PSBoundParameters.ContainsKey('Credential')) {
Do-Something -Credential $Credential
} else {
Do-Something
}
By having the flag set inside the parameter area not set to mandatory, you can test to see if they want to use a special set of credentials or not.
[Parameter(HelpMessage = "Allows for custom Credential.")][System.Management.Automation.PSCredential]$Credential
You can use other parameters as well but the credentials are one of the best usages for $PSboundparameter.containskey(). I do hope you enjoy using this little trick in your future scripts! Let me know what you create.
by David | Sep 12, 2020 | Help Desk, Information Technology, PowerShell
My last blog was about how to find the disabled user OU. Now we will go over how I disable users and move them around to the disabled OU. The next blog will combine all this together and remove inactive accounts that are within a set OU. Let’s rock this!
First first step is to get the disabled OU. In this script, you can either add it yourself or allow it to find the OU for you. It uses the Find-SHDDisabledUsersOU to find it for you.
The next step is to get the user info. We do this with the simple command, Get-ADuser.
$TargetUser = Get-ADUser -Identity $user -Properties *
Now, I believe in removing a user from all Groups that it can be removed from. By default, the default group can’t be removed only reassigned. So, I will not go through the process of reassigning the default group. If that is part of your disabling process, you may modify this code to add it. So, lets remove all the groups.
$Targetuser.memberof | foreach-object { Remove-ADGroupMember -Identity $_.DistinguishedName -Members $targetuser.samaccountname -Confirm:$false }
We list all the memberof of the target user. Then we start a foreach-object. Inside the foreach-object we have a remove-adgroupmember. Notice the Identity tag is using the $_.DistinguishedName. This prevents errors and makes things generally faster. Only by a few milliseconds. Those milliseconds do add up over time. Then we tell it to remove the Samaccountname of the target user. The final step is what devides automation from “Damn confirmation boxes” -Confirm:$False. This flag surpresses the need to confirm everything. Thus clearing out all the groups. On average this takes about 1 second for me whie on network.
The next step is to clear all the information from the user account. 90% of the time the users that do come back, come back as something else. Most of the time, they don’t come back. We do this with a Set-ADuser command.
Set-ADUser -Identity $TargetUser.samaccountname -Department '' -Title '' -City '' -Company '' -Country '' -Description '' -Division '' -EmailAddress '' -EmployeeID '' -EmployeeNumber '' -Fax '' -Enabled $false -HomeDirectory '' -HomeDrive '' -HomePage '' -HomePhone '' -OtherName '' -Manager '' -LogonWorkstations '' -MobilePhone '' -Office '' -OfficePhone '' -Organization '' -POBox '' -PostalCode '' -ProfilePath '' -ScriptPath '' -State '' -StreetAddress ''
The set-aduser command is straight forward. It uses the Target user samaccountname and clears anything I can. Now we will reset the password.
$Password = -join ((32..95) + (97..126) | Get-Random -Count 90 | ForEach-Object { [char]$_ })
Set-ADAccountPassword -Identity $TargetUser.Samaccountname -Reset -NewPassword (ConvertTo-SecureString -AsPlainText -String $Password -Force)
We want the length of the password to be 90 characters long. We then start a loop and join the characters we want (Password-safe characters) and get the random of these characters. Then We loop through that to get our password. After that, we push this password into the password reset command. Set-ADAccountPassword.
Notice in the password reset command, we use the flag Reset. Then NewPassword. Notice with the newpassword tag we have a converto-securestring.
ConvertTo-SecureString -AsPlainText -String $Password -Force
We run the text as plain text and force the string. This gives us a secure password to use. As the admin, we don’t need to know the password as we can reset it later.
Now we disable the account with disable-adaccount.
Disable-ADAccount -Identity $TargetUser.samaccountname
Disable-ADAccount is very straight forward. You give it the identity of the user with the targetuser.samaccountname and your done.
The final step is to move the user to the Disabled OU. We do this with Move-ADObject.
Move-ADObject -Identity $TargetUser.samaccountname -TargetPath $DisabledOU
We are telling the system to move the AD user to the disabled ou path. Now we are done. From here you can have an email sent or any other notification information if you want to see the output. Ok, it’s time. lets put it all together.
The Script
Function Disable-SHDUser {
<#
.SYNOPSIS
.DESCRIPTION
.PARAMETER
.EXAMPLE
.INPUTS
.OUTPUTS
.NOTES
.LINK
#>
[cmdletbinding()]
param (
[Parameter(
ValueFromPipeline = $True,
ValueFromPipelineByPropertyName = $True,
HelpMessage = "Provide the target hostname",
Mandatory = $true)][Alias('Hostname', 'cn')][String[]]$Username,
[parameter(HelpMessage = "Moves to this OU if provided, If not, finds disable ou and moves it.")][string]$OU,
[Parameter(HelpMessage = "Allows for custom Credential.")][System.Management.Automation.PSCredential]$Credential
)
if ($PSBoundParameters.ContainsKey('Credential')) {
if ($PSBoundParameters.ContainsKey('OU')) {
$DisabledOU = $OU
} else {
$DisabledOU = Find-SHDDisabledUsersOU -Credential $Credential
}
foreach ($user in $Username) {
$TargetUser = Get-ADUser -Identity $user -Properties * -Credential $Credential
$Targetuser.memberof | foreach-object { Remove-ADGroupMember -Credential $Credential -Identity $_.DistinguishedName -Members $targetuser.samaccountname -Confirm:$false }
Set-ADUser -Identity $TargetUser.samaccountname -Department '' -Title '' -City '' -Company '' -Country '' -Description '' -Division '' -EmailAddress '' -EmployeeID '' -EmployeeNumber '' -Fax '' -Enabled $false -HomeDirectory '' -HomeDrive '' -HomePage '' -HomePhone '' -OtherName '' -Manager '' -LogonWorkstations '' -MobilePhone '' -Office '' -OfficePhone '' -Organization '' -POBox '' -PostalCode '' -ProfilePath '' -ScriptPath '' -State '' -StreetAddress '' -Credential $Credential
$Password = -join ((32..95) + (97..126) | Get-Random -Count 90 | ForEach-Object { [char]$_ })
Set-ADAccountPassword -Identity $TargetUser.Samaccountname -Reset -NewPassword (ConvertTo-SecureString -AsPlainText -String $Password -Force) -Credential $Credential
Disable-ADAccount -Identity $TargetUser.samaccountname -Credential $Credential
Move-ADObject -Identity $TargetUser.samaccountname -TargetPath $DisabledOU -Credential $Credential
}
}
else {
if ($PSBoundParameters.ContainsKey('OU')) {
$DisabledOU = $OU
} else {
$DisabledOU = Find-SHDDisabledUsersOU
}
foreach ($user in $Username) {
$TargetUser = Get-ADUser -Identity $user -Properties *
$Targetuser.memberof | foreach-object { Remove-ADGroupMember -Identity $_.DistinguishedName -Members $targetuser.samaccountname -Confirm:$false }
Set-ADUser -Identity $TargetUser.samaccountname -Department '' -Title '' -City '' -Company '' -Country '' -Description '' -Division '' -EmailAddress '' -EmployeeID '' -EmployeeNumber '' -Fax '' -Enabled $false -HomeDirectory '' -HomeDrive '' -HomePage '' -HomePhone '' -OtherName '' -Manager '' -LogonWorkstations '' -MobilePhone '' -Office '' -OfficePhone '' -Organization '' -POBox '' -PostalCode '' -ProfilePath '' -ScriptPath '' -State '' -StreetAddress '' -Credential $Credential
$Password = -join ((32..95) + (97..126) | Get-Random -Count 90 | ForEach-Object { [char]$_ })
Set-ADAccountPassword -Identity $TargetUser.Samaccountname -Reset -NewPassword (ConvertTo-SecureString -AsPlainText -String $Password -Force)
Disable-ADAccount -Identity $TargetUser.samaccountname
Move-ADObject -Identity $TargetUser.samaccountname -TargetPath $DisabledOU
}
}
}
by David | Sep 12, 2020 | Help Desk, Information Technology, PowerShell
Have you ever started in a company and there was no documentation? The disabled OU isn’t named “Disabled Users” and things are just what the heck? This powershell script will help find that disabled user OU. Believe it or not, it’s a one liner.
((Get-ADUser -filter { enabled -eq $false }).Distinguishedname -replace '^CN=.*?,', '' | Group-Object | Sort-Object -Property Count -Descending | Select-Object -First 1).name
Lets tare this bad boy apart. First we have a Get-Aduser -filter { Enabled -eq $False}. So we want all the users in the company who are disabled. From there we are selecting only the DistinguishedName. We want to remove the first part of the DistinguishedName with a replace command. The Regex is ^CN=.*?,’,” Lets break this down.
.Distinguishedname -replace '^CN=.*?,', ''
^CN= tells us we are looking for the first “CN=” inside this string. Then we ask for the wild cards up to the first , with .*?. We tell it to replace it with nothing, aka double single quotes, ”.
Now this gives us all the OUs that everyone who is disabled lives in. Next we group them together with Group-Object. Group-object is going to give us a clean count of each OU and how many unique items there are for each OU.
| Sort-Object -Property Count -Descending
Next we want to organize everything with a Sort-Object. We select the count property and put it in descending order. This way we can select the first one in the final piece of the puzzle.
| Select-Object -First 1).name
Now we use the Select-object -First 1 command to get the first object from the descending list. This will give you the highest disabled users counted OU.
The Script
function Find-SHDDisabledUsersOU {
[cmdletbinding()]
param (
[Parameter(HelpMessage = "Allows for custom Credential.")][System.Management.Automation.PSCredential]$Credential
)
if ($PSBoundParameters.ContainsKey('Credential')) {
((Get-ADUser -filter { enabled -eq $false } -Credential $Credential).Distinguishedname -replace '^CN=.*?,', '' | Group-Object | Sort-Object -Property Count -Descending | Select-Object -First 1).name
}
else {
((Get-ADUser -filter { enabled -eq $false }).Distinguishedname -replace '^CN=.*?,', '' | Group-Object | Sort-Object -Property Count -Descending | Select-Object -First 1).name
}
}
by David | Sep 12, 2020 | Help Desk, Information Technology, PowerShell
I hate it when someone calls and says they can’t hear their video while on a terminal server. 99% of the time is because the sound is muted on the local computer. Believe it or not, this is very simple to solve. We do this by using wscript.shell.
$Obj = New-Object -com wscript.shell
We first start by making the object wscript.shell. This little guy will give us all kinds of awesome access to a computer. Later we will wrap this up in an invoke-command.
1..100 | foreach-object { $obj.sendkeys([char]174) }
Next, we lower the volume to 0. We do this to have an absolute value. The char key 174 on the average windows computer is volume down. Thus we do it 100 times. Now we have an absolute, we can set the volume to what we want by increasing the value.
0..$Volume | foreach-object { $obj.sendkeys([char]175) }
This part will loop the volume up until the volume we tell it is reached. Using this method, we don’t have to create a sound object. We are using what is in the computer’s OS already.
The Script
function Set-SHDComputerSpeaker {
[cmdletbinding()]
param (
[Parameter(
ValueFromPipeline = $True,
ValueFromPipelineByPropertyName = $True,
HelpMessage = "Provide the target hostname",
Mandatory = $true)][Alias('Hostname', 'cn')][String[]]$Computername,
[Parameter(HelpMessage = "Allows for custom Credential.")][System.Management.Automation.PSCredential]$Credential,
[Parameter(Helpmessage = "Increase volume by",Mandatory = $true)][int]$Volume
)
foreach ($computer in $Computername) {
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
try {
if ($PSBoundParameters.ContainsKey('Credential')) {
Invoke-Command -ComputerName $computer -Credential $Credential {
$Obj = New-Object -com wscript.shell
1..100 | foreach-object { $obj.sendkeys([char]174) }
0..$Volume | foreach-object { $obj.sendkeys([char]175) }
}
}
else {
Invoke-Command -ComputerName $computer {
$Obj = New-Object -com wscript.shell
1..100 | foreach-object { $obj.sendkeys([char]174) }
0..$Volume | foreach-object { $obj.sendkeys([char]175) }
}
}
}
catch {
Write-Warning "Unable to capture Data from $Computer."
}
}
else {
Write-Warning "$Computer is offline."
}
}
}
As stated above, we wrapped up the code into an invoke-command and placed some testing around it. Now all you have to do is:
Set-SHDComputerSpeaker -Computername 'Workstation1','Workstation2' -Volume 50
Or you can add the credential’s tag.
Set-SHDComputerSpeaker -Computername 'Worktation1',"Workstation2' -Volume 50 -Credential (Get-Credential)
I hope this is helpful to you. Share it with others if you find this useful.
