Friday, May 13, 2022

Lansweeper email attachment filters (RegEx)

 Just getting into using Lansweeper's Helpdesk feature...
Working on trimming down what attachments to allow on incoming support emails -

Setting this up is done with RegEx...
Of course, there are no examples inside of the Lansweeper KB, for any of this, and RegEx are non-intuitive, cryptic, and just generally a pain, unless you use it ALL the time.

I don't see any way to ask Lansweeper to add additional content to their KB about this, so I'm putting it here... Plus a way to pop out the correctly formatted RegEx, using PoSh.

On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

Go to: 'Ignored attachment filters (regular expressions)'

You can test the filter, on that same line of that page, too.

$Start = "^(.(?!.*\.("
$Middle = "jpg|png|bmp|pdf|txt"
$End = ")))*$"

$RegEx_Line = "$Start"+"$Middle"+"$End"
$RegEx_Line

<#
# Result
^(.(?!.*\.(jpg|png|bmp|pdf|txt)))*$

# Ignored attachment filters (regular expressions)
# On this page: https://<YourLanSweeperURL>/configuration/HelpdeskEmail/

"All attachments in E-mails which match one of these regular expressions will not be saved to the web server."

It is an inverted argument - so that anything that 'matches' gets blocked...
Examples:
Filename.jpg - No Match! (Allowed)
Filename.png - No Match! (Allowed)
Filename.bmp - No Match! (Allowed)
Filename.pdf - No Match! (Allowed)
Filename.txt - No Match! (Allowed)

Filename.exe - Match found! (Blocked)
Filename.msi - Match found! (Blocked)
Filename.mp4 - Match found! (Blocked)
Filename.xx2 - Match found! (Blocked)
#>

Tuesday, May 10, 2022

netsh advfirewall set allprofiles state off

Just putting this out there for easy copy / pasta

###########################

#~~~~~~#
# c:\windows\system32\sysprep\sysprep.exe /oobe /generalize
# https://www.catalog.update.microsoft.com/Search.aspx?q=KB5032190

# PoSh ~As admin~ shortcut, and S.T.S.T. set up page, on Desktop
$PathToDesktop = "C:\Users\$env:Username\Desktop"
$TargetFile = "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell_ise.exe"
$ShortcutFile = "$PathToDesktop\PoSh-Admin.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()

$bytes = [System.IO.File]::ReadAllBytes($ShortcutFile)
$bytes[0x15] = $bytes[0x15] -bor 0x20 #set byte 21 (0x15) bit 6 (0x20) ON
[System.IO.File]::WriteAllBytes($ShortcutFile, $bytes)

$TargetFile = "http://www.somethingtoscrollthrough.com/2022/05/firewall.html"
$ShortcutFile = "$PathToDesktop\STST ~ PC Set-Up.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = $TargetFile
$ShortCut.IconLocation = "%SystemRoot%\System32\SHELL32.dll,48"
$Shortcut.Save()

# Prevent Edge 'First Run' page
# edge://settings/resetProfileSettings # (hit 'reset' - Use this to reset edge if you want to see the First Run)
New-Item -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge"
New-Item -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main"
New-ItemProperty -Path "Registry::HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" -Name "PreventFirstRunPage" -Value 1 -PropertyType "DWord" -Force

# start msedge http://www.somethingtoscrollthrough.com/2022/05/firewall.html
get-process | ? {$_.MainWindowTitle -and $_.Name -match "edge"} | kill

Install-PackageProvider -Name NuGet -Force
Install-Module -Name PSWindowsUpdate -Force
Get-Package -Name PSWindowsUpdate -Force
Set-ExecutionPolicy -ExecutionPolicy Bypass -Force
Import-Module PSWindowsUpdate

$ErrorActionPreference = "SilentlyContinue"
Get-WUList
Sleep 5
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
$ErrorActionPreference = "Continue"
Return
###########################

Break
# Enable RDP - and show the active IP address
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
(Get-NetIPConfiguration | ? {$_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.status -ne "Disconnected"}).IPv4Address.IPAddress
# Set time-zone automatically
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate -Name start -Value "3"
Set-TimeZone "Eastern Standard Time"
w32tm /resync
# Disable the firewall
netsh advfirewall set allprofiles state off
# Set the current connection to 'Private' - By default it is 'Public' so WinRM will not enable.
Set-NetConnectionProfile -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex) -NetworkCategory Private
# Enable WinRM
c:\windows\system32\winrm.cmd quickconfig -quiet
# Add DOT.NET 2.0--3.5
Add-WindowsCapability -Online -Name NetFx3~~~~
###########################

# Get Serial number from BIOS
$SerialNumber = (Get-WmiObject -class win32_bios).SerialNumber
# Dell computers have a shorter Serial number, but others (ie. BeeLink mini's) are too long - This shortens it (to 7 characters) if the SN is longer than 9 characters.
# MPC = Mini PC
If ($SerialNumber.Length -gt 9) { $SerialNumber = "MPC$($SerialNumber.Remove(0, ($SerialNumber.Length - 7)))" }
$SerialNumber
#Read-Host
# Rename the computer to its SN
Rename-Computer -NewName $SerialNumber -Force
Sleep 5
# Gotta reboot
shutdown -r -t 0
###########################

# Make sure you have successfully, and correctly set the computers hostname
hostname
# This grabs the full name of the domain
$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix
# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')
$JoinFail = $null; Add-Computer -domainname $Domain_Name -ErrorVariable JoinFail
If ($JoinFail -ge 1) {
Write-Host "Well, that didn't work..." -F 14
Write-Host "'$Domain_Name' is in the clipboard..." -F 0 -B 14
$Domain_Name | Set-Clipboard
cmd.exe /c sysdp.cpl
}
Break
# Gotta reboot
shutdown -r -t 0
#---------#



###########################

# Make sure you have successfully, and correctly set the computers hostname

hostname

# This grabs the full name of the domain

$Domain_Name = (Get-DnsClient -InterfaceIndex $((Get-NetConnectionProfile).InterfaceIndex)).ConnectionSpecificSuffix

# it is possible to add creds to this command - but just enter username, and password at the credential prompt (no need to add 'domain\')

Add-Computer -domainname $Domain_Name

Break

# Gotta reboot

shutdown -r -t 0

###########################


Others...

netsh advfirewall set currentprofile state off

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh advfirewall set publicprofile state off