Monday, November 1, 2021

WINDOWS. Restore Point

Purpose

Create a restore point on my Windows computers

Steps

# This command enables system protection on drive C:\

wmic /namespace:\\root\default Path SystemRestore Call enable "C:\"

# This command sets the disk space for restore points to 25%

vssadmin resize shadowstorage /on=c: /for=c: /maxsize=25%

# This command creates a restore point called "My Restore Point"

cmd.exe /k "wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "My Restore Point", 100, 7"


To check it

    Command: vssadmin list shadows
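
The same steps with the Windows PowerShell 5.1 cmdlets, followed by a check that a new restore point really exists. This is an added example, not part of the original post, and the MODIFY_SETTINGS type is an assumption. Windows 8 and later skip the creation when another restore point was made in the previous 24 hours, which the last block reports.

```powershell
# Added example: run in an elevated Windows PowerShell 5.1 session.
# (Checkpoint-Computer and Get-ComputerRestorePoint are not available in PowerShell 7.)
$drive       = 'C:\'
$description = 'My Restore Point'

# Enable system protection on the drive
Enable-ComputerRestore -Drive $drive

# Remember the highest sequence number that exists before the new restore point
$before  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$lastSeq = 0
if ($before.Count -gt 0) {
    $lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# Create the restore point (the type is an assumption made for this example)
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Verify: a restore point with a higher sequence number must now exist
$new = @(Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -gt $lastSeq })

if ($new.Count -eq 0) {
    Write-Warning "No new restore point was created. Windows skips the creation when another restore point was made in the last 24 hours."
} else {
    $new | Format-Table SequenceNumber, Description,
        @{ Label = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize
}
```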


by GoN | Published: Nov 1, 2021 | Last Updated:

WINDOWS. PS. DNS Export

Purpose

How to make a script to export the DNS information

Steps

Add the following commands to a *.ps1 file:

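# Get-DnsServerZone comes from the DnsServer module
Import-Module DnsServer

# Date stamp used as the file name prefix (day.month.year)
$date = Get-Date -Format d.M.yyyy

$DNSServer = "MYDC"

$Zones = @(Get-DnsServerZone -ComputerName $DNSServer)

ForEach ($Zone in $Zones) {

    $nombrefile = $date + $Zone.ZoneName + ".dns.bak"

    # dnscmd runs against the local DNS server, writes the export under
    # C:\Windows\System32\dns\ and fails if the file already exists
    dnscmd /zoneexport $Zone.ZoneName backup\$nombrefile

    # Copy the export to the backup share
    Copy-Item C:\Windows\System32\dns\backup\$nombrefile \\midomain\datos\Backups\DNS

}

# Send-MailMessage uses $PSEmailServer as its default SMTP server
$PSEmailServer = "10.10.11.10"

Send-MailMessage -From no-reply@myhome.loca -To infrastructures@myhome.local -Subject "mycompay. Backups semanal DFS Mydom.LOCAL" -Body "Finalizada la copia de Backups de DFS en el servidor XXXXX"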

 by GoN | Published: Nov 1, 2021 | Last Updated:

WINDOWS. PS. DFS Export

Purpose

How to make a script to export the DFS information

Steps

Add the following commands to a *.ps1 file:

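# Date stamp used as the file name prefix (month.day.year)
$date = Get-Date -Format M.d.yyyy

$Filename = $date + "DFS.txt"

# Export the DFS namespace configuration to a local file (dfsutil needs no PowerShell module)
dfsutil root export \\midomain.local\datos C:\Backups\DFS\$Filename

# Copy the export to the backup share
Copy-Item "C:\Backups\DFS\$Filename" -Destination \\midomain\Backups\DFS

# Send-MailMessage uses $PSEmailServer as its default SMTP server
$PSEmailServer = "10.10.11.10"

Send-MailMessage -From no-reply@myhome.loca -To infrastructures@myhome.local -Subject "mycompay. Backups semanal DFS mydomain.LOCAL" -Body "Finalizada la copia de Backups de DFS en el servidor XXXXX"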

by GoN | Published: Nov 1, 2021 | Last Updated:

Tuesday, April 13, 2021

NAGIOS. System Uptime

 Purpose

Check how many days a host has gone without restarting or shutting down.

Steps

Raise a Critical alert when a host has gone 1 year without restarting or shutting down.

Command: checkuptime

Check NagiosXI
by GoN | Published: Apr 13, 2020 | Last Updated:

NAGIOS. Check Time vs Domain

Purpose

Check the time in all servers. 

We configure the Nagios NTP service to synchronize to Windows PDC DC.

Steps

Raise a Warning alert at 30 seconds and a Critical alert at 60 seconds of time difference, for all servers.

Command: checktime


Check NagiosXI
by GoN | Published: Apr 13, 2020 | Last Updated:


Saturday, April 10, 2021

WINDOWS. Import GPOs

 Purpose

Restore a GPO from a GPO backup taken in another domain

Steps

Go to Menu "Group Policy Management" and "Open Migration Table Editor"


Go to "Populate from Backup"



Change some data if necessary



Save


Import into the GPO AD data store for management. Choose the new name for the GPO to import.


Check "Import Setting" 

Choose the GPO to import
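
The same import scripted with the GroupPolicy module, as an added example that is not part of the original post. The backup folder, GPO names and migration table path are placeholders, and the migration table is the one saved from the Migration Table Editor in the steps above.

```powershell
# Added example: every path and GPO name below is a placeholder.
Import-Module GroupPolicy

$backupPath     = 'C:\GPOBackups'                          # folder that holds the GPO backup
$backupGpoName  = 'Source GPO Name'                        # display name of the GPO in the backup
$targetGpoName  = 'Imported - Source GPO Name'             # new name in this domain
$migrationTable = 'C:\GPOBackups\source-to-target.migtable'

# Stop early when the backup folder or the migration table is missing
foreach ($path in $backupPath, $migrationTable) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# Refuse to overwrite the settings of a GPO that already exists under the target name
if (Get-GPO -Name $targetGpoName -ErrorAction SilentlyContinue) {
    throw "A GPO named '$targetGpoName' already exists in this domain."
}

# Import the settings into a new GPO; the migration table maps the security
# principals and UNC paths of the source domain to their equivalents here
$gpo = Import-GPO -BackupGpoName $backupGpoName -Path $backupPath `
                  -TargetName $targetGpoName -MigrationTable $migrationTable `
                  -CreateIfNeeded

# Write an HTML report to review the imported settings and the mapped references
$report = Join-Path $env:TEMP "$($gpo.Id).html"
Get-GPOReport -Guid $gpo.Id -ReportType Html -Path $report

$gpo | Select-Object DisplayName, Id, GpoStatus, ModificationTime
Write-Host "Report written to $report"
```

The imported GPO is not linked to any OU, so the report can be reviewed before the policy applies to anything.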


Check Windows 2019
by GoN | Published: Apr 10, 2020 | Last Updated:

Friday, April 9, 2021

WINDOWS. PS. Alert and Check Password expiration policy

Purpose

Read the password policy from the "Default Domain Policy" GPO and send each user an email with the number of days left before the password expires.

The variable "$expireindays" defines how many days before the password expires the warnings start.

This post does not check Fine-Grained Password Policies.

The PS Code: 


# Primary mail variables
$SmtpServer = "X.X.X.X"
$From = "IT@Micompany.com"

# Days before expiration at which the alerts start
$expireindays = 8

# Get all AD users with the properties the script needs
$users = Get-ADUser -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress -Filter *

foreach ($user in $users) {

    # Get the Name attribute for message purposes
    $Name = $user.Name

    # Exclude users with "Password never expires" enabled
    if ($user.PasswordNeverExpires) {

        # Informative message if the script is executed via PowerShell directly
        Write-Host $user.Name "- INFO: o que no le caduque la contraseña" -ForegroundColor Red

    } else {

        # Date the user's password was last set
        $passwordSetDate = $user.PasswordLastSet

        # PasswordLastSet is empty when the password was never set or must be changed at next logon
        if (-not $passwordSetDate) { continue }

        # Check the domain policy
        $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
        $Expireson = $passwordSetDate.AddDays($maxPasswordAge)

        # Script execution date
        $today = Get-Date

        # Remaining days until the user's password expires
        $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days

        # Mail attribute of the user
        $emailaddress = $user.EmailAddress

        # Send the mail notice if the remaining days are fewer than $expireindays
        # and the password has not expired yet (0 or more days remaining)
        If (($daystoexpire -ge 0) -and ($daystoexpire -lt $expireindays)) {

            # Informative message if the script is executed via PowerShell directly
            "$today - INFO: Sending expiry notice email to $name"
            Write-Host "Sending Password expiry email to $name - le faltan $daystoexpire" -ForegroundColor Yellow

            $UserPasswordLastSet = $user.PasswordLastSet

            # Choose the body of the email message
            if ($daystoexpire -eq 1) {

                $EmailBody="ULTIMO AVISO! La contraseña de WINDOWS del usuario $name caducará en $daystoexpire dia. Le recomendamos que cambie la clave antes de que expire el periodo indicado.

 

                La última vez que modificó su contraseña fue $UserPasswordLastSet

               

                Recuerde que usted es responsable de cualquier acción o actividad que se realice con su usuario y clave, por ello es muy importante    

                - La contraseña es personal e intransferible. No comparta la contraseña con nadie

                - Elija contraseñas seguras fáciles de recordar y difíciles de adivinar para usted.

                - La contraseña debe ser de longitud mínima 8 caracteres combinando letras, números, mayúsculas/minúsculas y símbolos. No utilice series.

                - Evite poner palabras relacionadas con tus datos personales o de la empresa.

                - Procure hacer faltas de ortografía, evita ataques de diccionario.

                - No debe anotar o almacenar las contraseñas en ningún tipo de soporte sin cifrar, ni utilizar programas, utilidades o cualquier otro proceso automático de login automático no autorizado.

                Si tiene sospechas que su contraseña ha dejado de ser secreta cámbiela inmediatamente.

               

                Departamento de Sistemas de MyCompany" 

            } else {

                 $EmailBody="La contraseña de WINDOWS del usuario $name caducará en $daystoexpire dias. Le recomendamos que cambie la clave antes de que expire el periodo indicado.

                               

                La última vez que modificó su contraseña fue $UserPasswordLastSet

               

                Recuerde que usted es responsable de cualquier acción o actividad que se realice con su usuario y clave, por ello es muy importante:               

                - La contraseña es personal e intransferible. No comparta la contraseña con nadie

                - Elija contraseñas seguras fáciles de recordar y difíciles de adivinar para usted.

                - La contraseña debe ser de longitud mínima 8 caracteres combinando letras, números, mayúsculas/minúsculas y símbolos. No utilice series.

                - Evite poner palabras relacionadas con tus datos personales o de la empresa.

                - Procure hacer faltas de ortografía, evita ataques de diccionario.

                - No debe anotar o almacenar las contraseñas en ningún tipo de soporte sin cifrar, ni utilizar programas, utilidades o cualquier otro proceso automático de login automático no autorizado.

                Si tiene sospechas que su contraseña ha dejado de ser secreta cámbiela inmediatamente.

               

                Departamento de Sistemas de Micomapny"                

            }

 

            $EmailSubj = "Mycompany. Aviso de caducidad de password de tu usuario"

            # Create and send an email object
            $SMTPClient = New-Object Net.Mail.SMTPClient($SmtpServer)
            $emailMessage = New-Object System.Net.Mail.MailMessage
            $emailMessage.From = "$From"

            Foreach ($EmailTo in $emailaddress) {
                $emailMessage.To.Add($EmailTo)
            }

            $emailMessage.Subject = "$EmailSubj"
            $emailMessage.Body = "$EmailBody"

            # Send only when the user has a mail address; Send() throws without a recipient
            if ($emailMessage.To.Count -gt 0) {
                $SMTPClient.Send($emailMessage)

                # Informative message if the script is executed via PowerShell directly
                Write-Host "Sending E-mail to $emailaddress..." -ForegroundColor Green
            }

        } Else {

            # Informative message if the script is executed via PowerShell directly
            # Reports the users whose password is not about to expire
            "$today - INFO: Password for $Name not expiring for $daystoexpire days"
            Write-Host "Password for $Name does not expire for $daystoexpire days" -ForegroundColor White

        }

    }

}
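
The script above reads only the Default Domain Policy. As an added example (not part of the original post), this variant reads each user's msDS-UserPasswordExpiryTimeComputed attribute, which Active Directory computes from whichever policy applies to the account, fine-grained policies included. It builds a report instead of sending mail, and the report columns are an assumption.

```powershell
# Added example: report the users whose password expires soon, honouring
# Fine-Grained Password Policies. Output columns are chosen for this example.
Import-Module ActiveDirectory

$expireInDays = 8
$now = Get-Date

$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
                    -Properties 'msDS-UserPasswordExpiryTimeComputed', EmailAddress

$report = foreach ($u in $users) {

    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    # 0 / empty     : password must be changed at next logon, no expiry date yet
    # Int64.MaxValue: the effective policy never expires the password
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }

    # The attribute is a Windows FILETIME value
    $expires  = [datetime]::FromFileTime($raw)
    $daysLeft = [math]::Floor(($expires - $now).TotalDays)

    if ($daysLeft -ge 0 -and $daysLeft -lt $expireInDays) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            EmailAddress   = $u.EmailAddress
            ExpiresOn      = $expires
            DaysLeft       = $daysLeft
        }
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize
```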

 

WINDOWS. PS. Update and modify extensionAttribute

Purpose

Modify the Windows user extensionAttribute.

We want to copy the user's "company" field into "extensionAttribute2".

Script

# Get all users
$ALLUserTest = Get-ADUser -Filter * -Properties *

# Get only some users
#$x = 'Smith'
#$ALLUserTest = Get-ADUser -Filter "SamAccountName -like '*$x*'" -Properties *

ForEach ($TestUser In $ALLUserTest) {

    Write-Host "User: " $TestUser.samaccountname, $TestUser.company

    # Check before
    Get-ADUser -Identity $TestUser.samaccountname -Properties * | Select sAMAccountName, Company, extensionAttribute2 | Sort-Object -Property extensionAttribute2

    # Update fields: clear the old value first
    Set-ADUser -Identity $TestUser.samaccountname -Clear "extensionAttribute2"

    # Copy the company only when it is set; an empty value leaves the attribute cleared
    if ($TestUser.company) {
        Set-ADUser -Identity $TestUser.samaccountname -Add @{extensionAttribute2 = $TestUser.company}
    }

    # Check after
    Get-ADUser -Identity $TestUser.samaccountname -Properties * | Select sAMAccountName, Company, extensionAttribute2 | Sort-Object -Property extensionAttribute2

}

 

by GoN | Published: Apr 10, 2021 | Last Updated:

Monday, March 15, 2021

WEB. Version Control. Archive

 Purpose

Know the content of a website in its different updates over time.

Link: https://web.archive.org/





We can check this website as it was on this day


by GoN | Published: Mar 15, 2021 | Last Updated:

Saturday, January 9, 2021

Cybersecurity and Fight against Cybercrime

 New training to add to my profile




by GoN | Published: Jan 9, 2021 | Last Updated:

SECURITY. Online security engines

Purpose

We want to check online (without installing any program or registering) files or URLs suspected of carrying a trojan or virus, using a large bank of important scanning engines.

In this post I will talk about three online tools and list other links at the end; all have a similar function.

Keep in mind that your information (in the file you submit) could be shared with these sites.

[1] VirusTotal

URL: https://www.virustotal.com/


Example:     Option: "FILE"  / Suspect file: "7z.exe"


Result:  ALL OK


[2] MetaDefender Cloud

URL: https://metadefender.opswat.com/?lang=en


Example:     Suspect file: "7z.exe"


Result:  ALL OK

[3] Jotti's malware scan

URL: https://virusscan.jotti.org/en-US/scan-file


Example:     Suspect file: "7z.exe"


Result:  ALL OK


Other links:

https://opentip.kaspersky.com/
https://nodistribute.com/
https://www.urlvoid.com/
https://antiscan.me/
https://online.drweb.com/result2/
https://www.fortiguard.com/faq/onlinescanner
https://www.hybrid-analysis.com/
https://www.virscan.org/language/en/


by GoN | Published: Jan 9, 2021 | Last Updated: Jan 10, 2021