topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 2:20 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Stoic Joker [ switch to compact view ]

Pages: [1] 2 3 4 5 6 ... 245next
1
Which version of PowerShell are you using? The one included in Windows itself or the open-source version?

The open-source version is at version 7.x, Powershell included with Windows isn't.

Normally I'm a what's in the box/living of the land sort of guy. But I may have to explore the OS version.

The open-source version gets more "love" from everyone, incl. Microsoft, so it may be possible that your script works in the open-source version.

No... The prevailing Rule-of-Thumb is: I screwed something up.

Typically because I've usually screwed something up ... As I just don't do this often enough to be/get good at it - Hence, I'm not.

I once spent an entire afternoon working on code with ChatGPT. The reason it took so long is that ChatGPT wasn't astute enough to simply inform me, that I was a Freaking Idiot. Because after some additional tangentially related research I realized that what I was asking it to do was flat-out impossible.


I think I might just be gettin old.

2
You could also try setting a value regardless of whether there's a match or not:
Duration = if ($_ -match '(?smi).*\ssession duration was\s+([^\s]+)\s+.*') { $matches[1] } else { "Unknown Duration" }

P.S. I can't actually test it as I only have a Win10 machine, wish I could suggest something more.

Yeah, I had a feeling that might be a problem...

But! The duration part solved itself later in the code, when I ran it through a formatting routine that returns blank if the input is not a number:
@{Name='Duration  ';Expression={'{0}' -f [timespan]::fromseconds($_.Duration).ToString("d\.hh\:mm\:ss")}}

Then I ran into a variation of the same problem on the next value that your code above worked perfectly on:
Target = if ($_.Message -match '(?smi).*to resource\s\"+([^\s]+).INTERNALDOMAINNAME.com\".\s+.*') { $matches[1] }
else {
$_.Message -replace '(?smi).*network resource:\s\"+([^\s]+).LAP.com\".\s+.*','$1'
}

The output report combines two different event types (connect and disconnect) in the same column, that both needed the same (internal resource machine name) info that was worded differently in their source event messages.

So if anybody else needs it, the now working/finished report code looks like so:
$Start = (Get-Date).AddDays(-14)

$End = Get-Date ## (Get-Date).Date AutoMagically Makes it Midnight of that Date.

Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-TerminalServices-Gateway/Operational';
StartTime=$Start; EndTime=$End; ID=302,303 } | %{

(new-object -Type PSObject -Property @{
TimeStamp = $_.TimeCreated

evId = $_.ID -replace '\s',''

ClientIP = $_.Message -replace '(?smi).*on client computer\s\"+([^\s]+)\",\s+.*','$1'

UserName = $_.Message -replace '(?smi).*The user\s\"+([^\s]+)\",\s+.*','$1'

Duration = $_.Message -replace '(?smi).*\ssession duration was\s+([^\s]+)\s+.*','$1'

Target = if ($_.Message -match '(?smi).*to resource\s\"+([^\s]+).LAP.com\".\s+.*') { $matches[1] }
else {
$_.Message -replace '(?smi).*network resource:\s\"+([^\s]+).INTERNALDOMAINNAME.com\".\s+.*','$1'
}

})

} | sort UserName, TimeStamp -Descending | Select `
 @{Name='Event Date and Time   ';Expression={'{0}' -f $_.TimeStamp}} `
, @{Name='User Location  ';Expression={'{0}' -f $_.ClientIP}} `
, @{Name='Target Machine';Expression={'{0}' -f $_.Target}} `
, @{Name='Username    ';Expression={'{0}' -f $_.UserName}} `
, @{N='User Action Made   ';E={
switch ($_.evId) {
302 {"Connected"}
303 {"Disconnected After:"}
default {'Should be unreachable'}
}}} `
, @{Name='Duration  ';Expression={'{0}' -f [timespan]::fromseconds($_.Duration).ToString("d\.hh\:mm\:ss")}} | Format-Table -AutoSize -Wrap



Thank You!

3
Try string interpolation:
Code: PowerShell [Select]
  1. 303 {"303 - User Disconnected From Resource: $($Duration)"}

I tried that and a few different variations ($_.($Duration, $($_.Duration), and etc.); no luck.
Double quotes come out blank, and single quotes just echo back the code as typed.

The part that's killing me, is I'm not even sure which part is broken; the output string creation, or is the elusive data that I can't get to show-up in it just missing/identified wrong/not supposed to be accessible for there until spring...

Do I need to (somehow) pass the other arrays into the switch statement? Something along the lines of:
Code: PowerShell [Select]
  1. switch ($_.evId.($_.Duration)) {

Or is that even possible/supposed to be needed?

Thank you.


P.S. If it helps/matters - Test code is being run on a Windows Server 2022 machine.


4
Greetings,
   I'm trying to create a report using the Windows Event Logs that displays the RD Gateway logon history of users with PowerShell, but I'm stuck at how to get the length (or Duration in the code) of their session to show up in a string inside of a switch statement.


Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-TerminalServices-Gateway/Operational'; ID=300,302,303 } | %{

(new-object -Type PSObject -Property @{
TimeCreated = $_.TimeCreated

evId = $_.ID -replace '\s',''

ClientIP = $_.Message -replace '(?smi).*on client computer\s\"+([^\s]+)\",\s+.*','$1'

UserName = $_.Message -replace '(?smi).*The user\s\"+([^\s]+)\",\s+.*','$1'

Duration = $_.Message -replace '(?smi).*\ssession duration was\s+([^\s]+)\s+.*','$1'
})

} | sort UserName, TimeCreated -Descending | Select TimeCreated, ClientIP `
, @{N='Username';E={'{0}' -f $_.UserName}} `
, @{N='evID - User Action Made';E={
switch ($_.evId) {
300 {'300 - Requested Resource Access Authorized'}
302 {'302 - Full Resource Machine Connection'}
303 {"303 - User Disconnected From Resource: 'Duration'"}
default {'This should be unreachable...'}
} Format-Table -AutoSize
}}


No matter what I try, nothing will put the number of seconds number that should be stored in the Duration array into that string for output to the screen. And I need to have it displayed conditionally for only the 303 events - Otherwise it doesn't exist and dumps the whole event message text.

Anybody know the right answer that I can't seem to find?

Thanks in Advance

Stoic Joker

5
Living Room / Re: Looking for Raspberry Pi with Pass-Through Power
« on: August 17, 2023, 01:06 PM »
Interesting... But I'm not sure if the monitoring software will run on the alternates as vendor specified Raspberry, which may not matter - I just don't know enough about these things to guess worth a damn.



6
Living Room / Re: Looking for Raspberry Pi with Pass-Through Power
« on: August 17, 2023, 07:26 AM »
What will the main task of the RPi be? Not just switching & measuring the power, I assume?

Okay, let me preface this with the intended application for said device is completely legal... Which I bring up, because the intended application is network scanning and data collection (Note: I work for an MSP..). So... Also forgot to mention - towards that end - it will need to have 2 ethernet ports.

The power pass-through, and dual ethernet ports are really just for deployment simplicity so that it does not require additional power & ethernet ports, as this would be installed with another networked device that it would then be monitoring via SNMP.


Only thing I've ever seen is the old hack of a Pi in a power board here but being homebuilt it's excluded.

Wasn't looking to get quite that devious with it, but that is a right interesting little widget.

I don't need to interact or disrupt the power flow, I just need the pie to be powered by it on its way to the device being monitored ... without the need for an additional power receptacle/wall wart type situation.




Note: unfortunately, due to a general distain for all things IoT, I've never delved into the Pi stuff previously. So at this point I simply have no idea how to even start looking for something applicable to the task.

7
Living Room / Looking for Raspberry Pi with Pass-Through Power
« on: August 16, 2023, 09:18 AM »
Okay, this could be a Unicorn, but...

Has anyone ever come across a Raspberry Pi that has a pass-through power port, similar to the powerline networking devices?

Powerline Networking Adapter.jpg
So something that looks like this, but with a Raspberry Pi in it.

I can't give a lot of detail about what I'm up to, but I'd be needing something that is not a kit/homebuilt for the application in mind.

Thanks in Advance,

Stoic Joker

8
From my understanding the Edge EE.msi is just a full package installer, as opposed to the downloaded style installers that are so popular these days. The end result is the same (no feature/restriction/option changes), it's just easier to deploy via push or in heavily restricted environments.

I first came across in when trying to install a browser on either an 08 or 12 server (i forget) that could not successfully run the usual downloader installer.

Now it's all I ever use, because it's just faster and easier to install.

9
N.A.N.Y. 2023 / Re: NANY 2023 Release: IPMI Tool GUI
« on: January 20, 2023, 05:43 AM »
Looks like I'm a bit late to the party...

Can (or does) this get the status of the RAID array and drives on a Dell (or other brand) server?

10
General Software Discussion / Re: any shit browsers I can use?
« on: December 02, 2022, 05:45 AM »
^^^I like it! :D

11
General Software Discussion / Re: any shit browsers I can use?
« on: November 23, 2022, 05:44 AM »
Edge has an open in IE mode option that should work

12
General Software Discussion / Re: Firewall Tester
« on: October 08, 2022, 10:44 AM »
On a general note: in your network you have telnet enabled, yet ICMP (ping) disabled? Telnet is kinda infamous for being unsafe, in (much) more ways than the ICMP protocol is.

They're probably just using the telnet client for diagnostic purposes (I do quite frequently as well) and not the server. Since they're separate components, there's no risk to having just the client installed.

13
Developer's Corner / Re: PowerShell Pickle with Registry Updates
« on: September 16, 2022, 09:28 AM »
So... Crickets it is then..

Well for the next poor sod what ends up wondering, I did manage to cobble together an answer:
Code: PowerShell [Select]
  1. $registry = Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports" -Recurse
  2.  
  3. foreach($a in $registry) {
  4.  
  5.         $X = $a.ToString()
  6.         $X = $X.Replace("HKEY_LOCAL_MACHINE", "HKLM:")
  7.         Get-ItemProperty -Path "$X" HostName | %{Set-ItemProperty -Path $_.PSPath HostName -Value ( $_.HostName -Replace ".1.", ".4." )}
  8. }
  9.  
  10. Restart-Service -Name Spooler


Object being: we're having to readdress a large network that is running out of addresses to an entirely different - non overlapping - subnet. So when all of the machines (DHCP) jump over to the new address range, nobody will be able to access their printers because they all print to direct IP. 80 computers, pointing at 60+ different printers, in what is basically a mesh pattern.

Nobody want's to do that shit through the GUI by hand.

So this (pushed to each machine via management software) will update the Printer Port IP Address targets on each machine to the new address range … Without requiring anyone to romp all over the complex touching machines.

14
Living Room / Re: No living room, ironically
« on: September 15, 2022, 05:51 PM »
Congratulations Man!

15
Developer's Corner / PowerShell Pickle with Registry Updates
« on: September 15, 2022, 03:35 PM »
Greetings,
    So I'm in a bit of a pickle trying to update the registry with PowerShell. I need to go into a key, list it's sub keys, and update a value in all of the subkeys on local machine. Reason this is being done with PowerShell, is it has to be pushed out to 80 machines...so nobody wants to do it manually 80 times  :D

   The script (scrounged off the internet) I've been beating on all afternoon is below, it will open the key and list the values I'm after … But I cannot get it to update them. Note: the updated value is/will be based on the current value. So I'm looking for a get/replace/set type of operation on the HostName entry's value which is an IP address.

Code: PowerShell [Select]
  1. $registry = Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports" -Recurse
  2.  
  3. foreach ($a in $registry) {
  4.     ($a | Get-ItemProperty).Psobject.Properties |
  5.     #Exclude powershell-properties in the object
  6.     Where-Object { $_.Name -like 'HostName' } |
  7.     Select-Object Name, Value
  8. }

So instead of displaying the HostName entry's value, I need it to change the third octet of the IP address to a 4 so that 192.168.1.152 becomes 192.168.4.152

Anybody smarter than I am got a bit of mercy handy for a tired old fool?

TIA
-Stoic Joker

16
Living Room / Re: Programming/Coder humor
« on: June 17, 2022, 01:58 PM »
HelloWhirled.jpg

17
Living Room / Re: Tips for failing eyesight? PC use
« on: March 04, 2022, 05:42 AM »
Got a client that has a pair of 32" curved monitors running at 1920x1080. I'd originally panned the idea (but lost the debate) because I thought the height would be hard on the neck … But it wasn't. It's actually a really nice setup, and very easy to read on.

18
Addendum: IIRC I had a similar thing with Add-Content that I was doing and the result was that Add-Content was one of the very few PowerShell commandlets that couldn't take a file in a variable.

Ah-ha-ha! Given the inane shenanigans I've gone through trying to get this to work. That is the conclusion I was coming too - And your recollection is way gooder than mine. :D

Thanks, I'll go a different route with this then.


Did you try prefacing it with the &? Did that work?

That one made the script lock/crash on load. I tried everything from your link, and a few variations on what was suggested, but to no avail. So I'm going with the (4wd confirmed) assertion that the Add-Content commandlet (I can never remember that term) is just broken like that or something.

Thanks guys!

19
You can also try for grins to use a path with no spaces- and looking for that, I see that's the correct answer.

1. Target is buried in the middle of clients 1,500,000 files/folders file server...  :D
2. Just for fun and curiosity, I tried it - and it still didn't work. Which actually, is rather interesting.

(I used the inhouse lab copy for this) Taking all spaced out of both path and filename, still caused the script to fail (same as before) at the add-content command … regardless of what I did to the string I was trying to pass in. So it seems at this point to be an issue with add-content itself, and how it needs/wants to be spoon-fed the string.

Gaaaa! - It's almost 5:00pm - Happy Thoughts, happy thoughts...

20
Did you try \\? i.e.

Well I hadn't yet, but I just did - And no joy. :(

single \ is escaping the next character.

I recall that behavior from C++/C#/etc., but in PowerShell too? I've got other path strings in the script that don't seem bothered by it...is why I ask.

I generally don't do much with PowerShell unless I have to, so this project has predominantly consisted of staring at the screen in disbelief while "quietly" chanting a litany of obscenities'. :D

21
So from what I'm reading, this is supposed to be simple - I'm just screwing it up somehow.

Issue I'm having is that if I use the full [path][filename] in the code it works fine. But if I try to store the path in a string - so I don't have to edit it 5 times if there is a change - logging fails and the script locks up.

I've tried every variation I could either find, or think of … But have as of yet, not found the correct answer.

Snippet of problem code below:
Code: PowerShell [Select]
  1. $logline = "$(Get-Date), $ChangeType, $FullPath"
  2.     Add-content "C:\Users\Me\Them\NPM Change Log.txt" -value $logline

Now ^that^ works fine, but what I need is something more like this:
Code: PowerShell [Select]
  1. $LogFile = "C:\Users\Me\Them\NPM Change Log.txt"
  2.    
  3.     $logline = "$(Get-Date), $ChangeType, $FullPath"
  4.     Add-content "$LogFile -value $logline

But I can't get it to work; double quotes, single quotes, with/without the -path parameter identifier - everything fails and locks the script.

Any Ideas on what I might be missing?

TIA

Stoic Joker

22
Announce Your Software/Service/Product / Re: WildGem 1.50
« on: January 29, 2022, 11:35 AM »
Looks like v1.61 is now available - Damn! ...I love this thing - Just saved my ass again!

23
^Reminds^ me of one my dad told years ago (short version):

Counterfeiters print up some top quality $25 bills, and go to a little hick town to pass a few off.

Old guy at counter gives the guy his change, and he runs back out to the car.

His buddy asks him what he got, and the guy replies three $7's, and a $4...

24
General Software Discussion / Re: Opera Start Page Question
« on: November 04, 2021, 06:52 AM »
Zoiks! Another one...

Okay, so how well does Pale Moon deal with the asshat sites that "require" Chrome? Pale Moon Site says it's Goanna based - never heard of it - so what's it Goanna do when it encounters the Chromium canvas control and friends?

25
General Software Discussion / Re: Opera Start Page Question
« on: November 03, 2021, 03:38 PM »
Hay, while we're playing whose got the most browsers. There's a feature in IE that I've never seen duplicated anywhere else. That being the ability to run multiple isolated private mode sessions. So if I was logged into one users account in private mode, I could just hit file--> New session, and log into a different users account without the two trying to interact/trip over each other ... Because each instance was running in its own segregated sandbox.

Do any of the other browsers do that?? Because it is extremely handy for (client network) admin stuff, where you have to be in multiple accounts and/or networks at the same time. And with everyone going cloud with everything I'm running into this (and out of browsers) more and more frequently.

Pages: [1] 2 3 4 5 6 ... 245next