RSS

Tag Archives: Scripting

PowerShell – Determine which Active Directory objects are protected from accidental deletion

09 Jan

In yesterday’s post I showed some commands to protect all or specific Active Directory objects from accidental deletion.

In some situations (by example preparing for a change) you might want to know which objects are protected from accidental deletion and which are not. Also when multiple people make changes in an Active Directory it might prove difficult to keep track of the changes.

To determine the protection status of AD objects, I use a script that checks the ACL of the AD Object. When Everyone is explicitly Denied access, it is protected from accidental deletion.

 
Leave a comment

Posted by on January 9, 2013 in Automation, ICT, Microsoft, Powershell, Windows, Windows 2008, Windows 2012

 

Tags: , , , , , , , , , , , ,

PowerShell – Protect Active Directory objects from accidental deletion

08 Jan

In a previous blog post I explained how to enable the Active Directory Recycle Bin which allows you to restore deleted active directory object.

But even though it’s great to be able to restore objects, it is even better to prevent accidental deletion. What accidental deletion basically does, is modify the permissions on an AD object to Deny Everyone so you won’t be able to delete it by accident.

More information about protection from accidental deletion can be found in “Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory” and “Windows Server 2008 Protection from Accidental Deletion“.

In Windows Server 2012 with all the new cmdlets, it has become much easier to enable protection from accidental deletion.

By example, you could use these commands:

#Get-ADobject class names
get-adobject -filter * | select objectclass | group objectclass

#Protect specific AD object classes from accidental deletion
get-adobject -filter * | where{($_.ObjectClass -eq “container”) -or ($_.ObjectClass -eq “organizationalunit”) -or ($_.ObjectClass -eq “user”) -or ($_.ObjectClass -eq “group”) -or ($_.ObjectClass -eq “computer”)} | Set-ADObject -ProtectedFromAccidentalDeletion $true

#Protect all AD organizational units from accidental deletion
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

#Protect all AD objects from accidental deletion
Get-ADobject -filter * | Set-ADObject -ProtectedFromAccidentalDeletion $true

 
1 Comment

Posted by on January 8, 2013 in Automation, ICT, Microsoft, Powershell, Windows, Windows 2008, Windows 2012

 

Tags: , , , , , , , , , , , , , ,

PowerShell – Add websites to the Flash whitelist for Internet Explorer 10 (Metro – Modern UI)

05 Jan

[EDIT] 09-04-2013 : As described in my blog post, this script has become unnecessary for most people. This is because Microsoft to allow almost every Flash site by default. [EDIT]

[EDIT] 13-01-2013 : Apparently for Windows RT, the script doesn’t seem to be working yet. Unfortunately I have no Windows RT to troubleshoot and resolve the issue. [EDIT]

Windows 8 and Windows RT include support for Flash in Internet Explorer 10.

In Windows 8 there are however two version of Internet Explorer 10 that handle flash websites differently. First there’s Internet Explorer 10 Desktop, which is similar as the Internet Explorer you’ve been used to with previous versions of Windows. Then there’s also Internet Explorer 10 (non Desktop), which is the Internet Explorer in the new modern/Windows interface (Metro) that is full screen.

Internet Explorer 10 Desktop allows Flash for all websites. Internet Explorer 10 (Metro) only allows Flash for websites that have been whitelisted.

Especially for Windows tablets, Flash support can be a selling point because most other tablets don’t have Flash support. It is however confusing for regular consumers that not all their websites will work. By example a friend of mine who’s a hairdresser, uses http://www.kapperssite.nl to show her customers hair models and their haircuts. The site is however completely in Flash and that it is not working by default is very annoying.

The websites that have been whitelisted are defined in your local appdate folder. By example: “C:\Users\Bjorn\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml”. This file also contains information about websites and which compatibility mode should be used for each. The segment between <flash> and </flash> contains the websites that have been whitelisted for flash. You can manually modify this file as described here: http://forum.xda-developers.com/showthread.php?t=1961793

Basic steps include:
  1. Modifying the iecompatdata.xml to add the websites you want to whitelist for Flash. Wildcards don’t work unfortunately.
  2. Open Internet Explorer 10 Desktop, press ALT, Tools, “Compatibility View setting”. Then Disable “Download updated compatibility lists from Microsoft”. This way Microsoft won’t overwrite the updates you’ve made in step 1.
  3. Delete the IE10 browser history. The disadvantage of this method however is, that you won’t be taking advantage of future compatibility updates because you’ve disabled the update functionality. Leaving it enabled however means that you you would have to keep re-adding sites you want to whitelist for Flash.

As a workaround, I’ve created this script that will automatically perform these tasks:

  1. Disable “Download updated compatibility lists from Microsoft”
  2. Close all internet explorer processes.
  3. Download the latest iecompatdata.xml to the appropriate folder. Currently the latest version is: https://iecvlist.microsoft.com/ie10/201206/iecompatviewlist.xml
    The script however will dynamically look for the latest versions by modifying the date in the url.
  4. Combine the data from the latest iecompatdata.xml with websites you want to whitelist for Flash (specified in “C:\Users\Bjorn\AppData\Local\Microsoft\Internet Explorer\IECompatData\flashsitestoadd.txt).
  5. Backup the original iecompatdata.xml and store the modified iecompatdata.xml
  6. Clear the Internet Explorer browsing history.

Because automatic downloading of updated compatibility lists has been disabled, I advise to schedule the script to run on a regular basis (by example monthly). For instructions read this blog post: http://blogs.technet.com/b/heyscriptingguy/archive/2012/08/11/weekend-scripter-use-the-windows-task-scheduler-to-run-a-windows-powershell-script.aspx Keep in mind that this will clear your Internet Explorer browsing history though.

 
4 Comments

Posted by on January 5, 2013 in Automation, ICT, Learning, Microsoft, Powershell, Tutorials, Windows, Windows 8, Windows RT

 

Tags: , , , , , , , , , , ,

PowerShell – Enable Active Directory Recycle Bin

04 Jan

Many companies and people in the past have encountered where they lost users, groups or other resources from Active Directory either by disaster or human error. Since Windows Server 2008 R2, you can use the Active Directory Recycle Bin to easily recover from this.

The AD Recycle Bin features requires a forest functional level of Server 2008 R2 or higher and is disabled by default. Also, once it has been enabled it cannot be disabled.

With Windows Server 2008 R2 you could only enable the AD Recycle Bin using Windows PowerShell and you could also only restore objects using CLI. With Windows Server 2012 you can both enable and restore very easily from the GUI using Active Directory Administrative Center (ADAC).

The script can be found here.

The script basically performs the following steps:

  1. Determine the current forest.
  2. Use parts of the current forest name to dynamically generate a command that is appropriate for every environment to enable the Active Directory Recycle Bin Feature.
  3. If the Active Directory Recycle Bin Feature hasn’t been enabled yet, enable it.

Even though it has become very easy to do using the GUI in Windows Server 2012, automating is Always better. Therefore I also added it to the script I used in: Home LAB Setup guide – 04 Configuring Server 2012 VM as DC with DNS and DHCP using PowerShell

 
1 Comment

Posted by on January 4, 2013 in Automation, ICT, Learning, Microsoft, Powershell, Tutorials, Windows, Windows 2012

 

Tags: , , , , , , , , ,

1st Dutch PowerShell User Group (DuPSUG) meeting on November 23rd

23 Sep

At November 23rd the 1st Dutch Powershell User Group (DuPSUG) meeting will be held in November at Master IT in Eindhoven for free.

Sessions:

  • Using Windows PowerShell 3.0 to manage the remote Windows 8 workstation
    Ed Wilson (Microsoft Scripting Guy)
  • PowerShell and WMI
    Richard Siddaway (PowerShell MVP)
  • What’s new in PowerShell 3.0
    Bert Wolters (Microsoft Certified Trainer with Master it Training)
  • Protect your PowerShell scripts with version control
    Stefan Stranger (Senior Premier Field Engineer at Microsoft Netherlands)
  • From command, to script, to function, to advanced function, to tool.
    Jeff Wouters (freelance Technology Specialist at Methos IT)

Read more about the meeting, the sessions and the speakers here: http://www.dupsug.com/

Also keep in mind that the available seats are very limited, so quickly sign up if your interested.

 
Leave a comment

Posted by on September 23, 2012 in Applications, Automation, Events, ICT, Learning, Microsoft, Powershell, Security, Tools, Tutorials

 

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Easily rename downloaded movies using powershell

07 Sep

Context

As most people, I often complain about not having sufficient time. It also doesn’t help that I have a lot of hobbies and interests. Because of this I decided to combine my hobbies and interests in such a way it would eventually save me time.

Basically I decided to learn powershell scripting by automating the task of renaming downloaded movies. These need to be in a specific format for reliable use with the movie jukebox called Yet Another Movie Jukebox (YAMJ). As a result this will save me a lot of time in the future.

Concept for the script

The file names of most movies I download are mostly in the following format:
The.Devils.Advocate.1997.UNRATED.DC.720p.BluRay.X264-AMIABLE.mkv
<movie.name>.<movie release year>.<metadata>.<metadata>…..<last.metadata>.<file extension>

What is important for YAMJ to work correctly is basically the movie name and the year (just in case there are movies with the same name, but released in a different year). So basically my preferred output would be:
The Devils Advocate 1997.mkv

To realise this, conceptually the following will be done for all files in a specific folder:

  1. Determine the current file extension and save it to a variable.
  2. Remove all dots “.” from the file name.
  3. Determine if there is a year notation in the file name (by example 1997).
  4. If there is no year notation found, don’t do anything else (file does not meet the expected format).
  5. If the year notation is found, remove everything from the file name after the year notation and re-add the file extension.

The script itself

The script itself can be found on my sharepoint list :
http://bjornhouben-web.sharepoint.com/Lists/Scripts/

Closing thoughts

I hope this will help home users to see the advantages of scripts, use them and benefit from it. For ICT professionals I also hope that it will help them get a better understanding of Powershell. Because in my opinion Powershell is getting increasingly important both for Microsoft and non Microsoft products (by example VMware).

I’d love to get feedback about this post and hope to receive some replies.

 
Leave a comment

Posted by on September 7, 2012 in Entertainment, ICT, Learning, Microsoft, Movies, Powershell, Windows

 

Tags: , , , , , , , , , , ,

Newer posts