13 May, 2022

Lansweeper email attachment filters (RegEx)

 Just getting into using Lansweeper's Helpdesk feature...
Working on trimming down what attachments to allow on incoming support emails -

Setting this up is done with RegEx...
Of course, there are no examples inside of the Lansweeper KB, for any of this, and RegEx are non-intuitive, cryptic, and just generally a pain, unless you use it ALL the time.

I don't see any way to ask Lansweeper to add additional content to their KB about this, so I'm putting it here... Plus a way to pop out the correctly formatted RegEx, using PoSh.

On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

Go to: 'Ignored attachment filters (regular expressions)'

You can test the filter, on that same line of that page, too.

$Start = "^(.(?!.*\.("
$Middle = "jpg|png|bmp|pdf|txt"
$End = ")))*$"

$RegEx_Line = "$Start"+"$Middle"+"$End"
$RegEx_Line

<#
# Result
^(.(?!.*\.(jpg|png|bmp|pdf|txt)))*$

# Ignored attachment filters (regular expressions)
# On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

"All attachments in E-mails which match one of these regular expressions will not be saved to the web server."

It is an inverted argument - so that anything that 'matches' gets blocked...
Examples:
Filename.jpg - No Match! (Allowed)
Filename.png - No Match! (Allowed)
Filename.bmp - No Match! (Allowed)
Filename.pdf - No Match! (Allowed)
Filename.txt - No Match! (Allowed)

Filename.exe - Match found! (Blocked)
Filename.msi - Match found! (Blocked)
Filename.mp4 - Match found! (Blocked)
Filename.xx2 - Match found! (Blocked)
#>
Posted by at No comments:
Labels: , , , , , , , , , ,

10 May, 2022

netsh advfirewall set allprofiles state off

Just putting this out there for easy copy / pasta

https://github.com/richie65x

###########################

 start ms-cxh:localonly

oobe\bypassnro 

#~~~~~~#

# c:\windows\system32\sysprep\sysprep.exe /oobe /generalize

# https://www.catalog.update.microsoft.com/Search.aspx?q=KB5032190

# Set time-zone automatically
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate -Name start -Value "3"
Set-TimeZone "Eastern Standard Time"
Start-Service W32Time
w32tm /resync /rediscover  

# PoSh ~As admin~ shortcut, and S.T.S.T. set up page, on Desktop
$PathToDesktop = "C:\Users\$env:Username\Desktop"
$TargetFile = "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell_ise.exe"
$ShortcutFile = "$PathToDesktop\PoSh-Admin.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()

$bytes = [System.IO.File]::ReadAllBytes($ShortcutFile)
$bytes[0x15] = $bytes[0x15] -bor 0x20 #set byte 21 (0x15) bit 6 (0x20) ON
[System.IO.File]::WriteAllBytes($ShortcutFile, $bytes)

$TargetFile = "http://www.somethingtoscrollthrough.com/2022/05/firewall.html"
$ShortcutFile = "$PathToDesktop\STST ~ PC Set-Up.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$ShortCut.IconLocation = "%SystemRoot%\System32\SHELL32.dll,48"
$Shortcut.Save()

# turn off sleep while plugged in (on AC power)
powercfg /change standby-timeout-ac 0 

# Toggle 'Set timezone automatically' to 'On'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate' -name 'Start' -value 3
# Prevent Edge 'First Run' page
# edge://settings/resetProfileSettings # (hit 'reset' - Use this to reset edge if you want to see the First Run)
New-Item -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge"
New-Item -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main"
New-ItemProperty -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -Name "PreventFirstRunPage" -Value 1 -PropertyType "DWord" -Force

##########################################
# Locate the Dell Command-Update download page and open it:

$Mfgr = (Get-CimInstance -ClassName Win32_ComputerSystem).Manufacturer
If ($Mfgr -and $Mfgr -match "Dell") {
$ErrorActionPreference = "SilentlyContinue"
$url = "https://www.dell.com/support/kbdoc/en-us/000177325/dell-command-update"
$webResponse = iwr -Uri $url
$table = $webResponse.ParsedHtml.getElementsByTagName("table")[0]
# Parse the HTML
    $htmlDoc = New-Object -ComObject "HTMLFile"
    $htmlDoc.IHTMLDocument2_write($table.outerHTML)
# Get all table rows
    $rows = $htmlDoc.getElementsByTagName("tr")
# Create array to store results
    $tableData = @()
foreach ($row in $rows) {
    $cells = $row.getElementsByTagName("td"); $rowData = @()
    foreach ($cell in $cells) {
        # Get links within the cell
        $links = $cell.getElementsByTagName("a"); $linkData = @()
        foreach ($link in $links) {
            $linkData += @{ Text = $link.innerText; Href = $link.href } }
        $rowData += @{ Text = $cell.innerText; Links = $linkData } }
    $tableData += ,@($rowData) }

0..(($tableData.Count) - 1) | % {
$Pos0 = $_
    If ($tableData[$Pos0] | ? {
$_.Values -match "Intel|AMD" }) {
$Level0 = $Pos0
$Header = $tableData[0][$Level0].Values
}}

0..((($tableData[1][$Level0].Links).Count) - 1) | % {
$Pos1 = $_
    If ( $tableData[1][$Level0].Links[$Pos1].Text -match "Universal") {
$Level1 = $Pos1; $Link = $tableData[1][$Level0].Links[$Level1].Href
}}

$ErrorActionPreference = "Continue"

Write-Host "$url" -F 10
Write-Host "    $Header" -F 11
Write-Host "        $Link" -F 14 # Can't 'iwr' parse this link - Returns a permissions error.

start microsoft-edge:"$Link"

Function Wait {Start-Sleep -Milliseconds 300}

Do { $edge = Get-Process msedge | ? { $_.MainWindowTitle -match "Dell Command" } | Select -First 1 } Until ( $edge ); Write-Host "Tab Found..."

Add-Type -AssemblyName System.Windows.Forms
        [void][System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
        $wshell = New-Object -ComObject wscript.shell
        $wshell.AppActivate($edge.Id) | Out-Null; Wait # Focus Edge, 'Out-Null' because this prints 'True' on the console
        [System.Windows.Forms.SendKeys]::SendWait("^+a"); Wait # open search box
        [System.Windows.Forms.SendKeys]::SendWait("Dell Command"); Wait
        [System.Windows.Forms.SendKeys]::SendWait("{ENTER}"); Wait; Wait # search for tab
        [System.Windows.Forms.SendKeys]::SendWait("{PGDN}{DOWN}{DOWN}{DOWN}{DOWN}{DOWN}")
} # END 'If ($Mfgr -and $Mfgr -match "Dell") {'

}
############### END DCU finder #####################

# Download and run Windows PC Health, and Update Assistant:
# $Ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion

Sleep 20

$Foldr = "C:\Users\$env:USERNAME\Downloads"
$Apps = "WindowsPCHealthCheckSetup|Windows11InstallationAssistant"
# gci $Foldr | ? { $_.Name -match $Apps } | ri -Force

# Download PC Health Check App and Installation Assistant - Page: https://www.microsoft.com/en-us/software-download/windows11

@("https://aka.ms/GetPCHealthCheckApp","https://go.microsoft.com/fwlink/?linkid=2171764") | % {
start -FilePath "msedge.exe" -ArgumentList $_
}

Get-Process | ? {$_.ProcessName -Match 'OneDrive'} | Stop-Process -Force 

Do { $PC_HC = (gci "$Foldr" | ? { $_.Name -match "WindowsPCHealthCheckSetup.msi" }).FullName } Until ( $PC_HC )
msiexec.exe /i $PC_HC /qn # Install and run it.

Do {Sleep 1} Until ( Test-Path "C:\Users\$env:USERNAME\AppData\Local\PCHealthCheck\PCHealthCheck.exe" )

If (!(gps | ? { $_.Name -match "PCHealthCheck" })) { start "C:\Users\$env:USERNAME\AppData\Local\PCHealthCheck\PCHealthCheck.exe" }

Do { $Asst = (gci "$Foldr" | ? { $_.Name -match "Windows11InstallationAssistant.exe" }).FullName } Until ( $Asst )

Write-Host "
Click the 'Check Now' [BUTTON] in the 'PC Health Check' window...
Then close 'PC Health Check'..." -F 11

Do {$Running = $null; $Running = gps | ? { $_.Name -match "PCHealthCheck" } } Until (!$Running)
Write-Host "Starting the 'Installation Assistant'..." -F 14
start "C:\Users\$env:USERNAME\Downloads\Windows11InstallationAssistant.exe"
############### Windows PC Health, and Update Assistant #####################

Return; Break

#####################################
Start-Service wuauserv

Install-PackageProvider -Name NuGet -Force
Install-Module -Name PSWindowsUpdate -Force
Get-Package -Name PSWindowsUpdate -Force
Set-ExecutionPolicy -ExecutionPolicy Bypass -Force
Import-Module PSWindowsUpdate

# $ErrorActionPreference = "SilentlyContinue"
Get-WUList
Sleep 5
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
$ErrorActionPreference = "Continue"
Return
###########################

Break
# Enable RDP - and show the active IP address
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
(Get-NetIPConfiguration | ? {$_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.status -ne "Disconnected"}).IPv4Address.IPAddress

# Disable the firewall
netsh advfirewall set allprofiles state off
# Set the current connection to 'Private' - By default it is 'Public' so WinRM will not enable.
Set-NetConnectionProfile -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex) -NetworkCategory Private
# Enable WinRM
c:\windows\system32\winrm.cmd quickconfig -quiet
# Add DOT.NET 2.0--3.5
# Add-WindowsCapability -Online -Name NetFx3~~~~
###########################

# Get Serial number from BIOS
$SerialNumber = (Get-WmiObject -class win32_bios).SerialNumber
# Dell computers have a shorter Serial number, but others (ie. BeeLink mini's) are too long - This shortens it (to 7 characters) if the SN is longer than 9 characters.
# MPC = Mini PC
If ($SerialNumber.Length -gt 9) { $SerialNumber = "MPC$($SerialNumber.Remove(0, ($SerialNumber.Length - 7)))" }
$SerialNumber
#Read-Host
# Rename the computer to its SN
Rename-Computer -NewName $SerialNumber -Force
Sleep 5
# Gotta reboot
shutdown -r -t 0
###########################

# Make sure you have successfully, and correctly set the computers hostname
hostname
# This grabs the full name of the domain
$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix
# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')
$JoinFail = $null; Add-Computer -domainname $Domain_Name -ErrorVariable JoinFail
If ($JoinFail -ge 1) {
Write-Host "Well, that didn't work..." -F 14
Write-Host "'$Domain_Name' is in the clipboard..." -F 0 -B 14
$Domain_Name | Set-Clipboard
cmd.exe /c sysdp.cpl
}
Break
# Gotta reboot
shutdown -r -t 0
#---------#



###########################

# Make sure you have successfully, and correctly set the computers hostname

hostname

# This grabs the full name of the domain

$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix

# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')

Add-Computer -domainname $Domain_Name

Break

# Gotta reboot

shutdown -r -t 0

###########################


Others...

netsh advfirewall set currentprofile state off

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh advfirewall set publicprofile state off


Posted by at
Subscribe to: Comments (Atom)