Run Process monitor remotely on Windows 7 via psexec

In order to account for session 0 isolation you need to use the following commands:

psexec -s -i 0 \\computername c:\reskit\procmon /backingfile c:\temp\procmon /quiet

and then to stop collection:

psexec -s -i 0 \\computername c:\reskit\procmon /terminate

It is critically important that you stop the procmon collection process by using the terminate command. If you simply kill the process or reboot while it is running the log file will be corrupted and unusable.

Posted in Uncategorized

OpenSSL certificate information commands

This is a series of commands to get information from a certificate file. This command returns all the information at once:

openssl x509 -text -in cert.pem

The following commands return specific pieces of information from the certificate in question:

# who issued the cert?
openssl x509 -noout -in cert.pem -issuer

# to whom was it issued?
openssl x509 -noout -in cert.pem -subject

# for what dates is it valid?
openssl x509 -noout -in cert.pem -dates

# the above, all at once
openssl x509 -noout -in cert.pem -issuer -subject -dates

# what is its subject-name hash? (this hashes the subject name, not the certificate;
# it is the value c_rehash-style CA directories are keyed on)
openssl x509 -noout -in cert.pem -hash

# what is its MD5 fingerprint? (-fingerprint alone uses the build's default digest,
# SHA-1 on current releases, so name the digest explicitly; use -sha256 for SHA-256)
openssl x509 -noout -in cert.pem -fingerprint -md5

Posted in Uncategorized

Tshark command to show user agents

This is handy when looking at http traffic on an IDS:

tshark -T fields -e http.user_agent
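Once the user agents are on stdout, the next step is usually to count them and look at the long tail. The script below is an added example, not part of the original post; it assumes the capture was exported with `tshark -r capture.pcap -Y http.request -T fields -e ip.src -e http.user_agent` so each line is a tab-separated source IP and user agent, and the sample lines embedded in it are constructed, not real traffic.

```python
# Added example (not from the original post): triage the user agents that
# tshark emits, to spot rare agents worth a closer look.
# Assumes the capture was exported with
#   tshark -r capture.pcap -Y http.request -T fields -e ip.src -e http.user_agent
# so each line is "<src ip>\t<user agent>" (the user agent may be empty).
from collections import Counter, defaultdict

# Constructed sample output, not real traffic.
SAMPLE_TSHARK_OUTPUT = """\
10.0.0.5\tMozilla/5.0 (Windows NT 6.1; WOW64) Firefox/52.0
10.0.0.5\tMozilla/5.0 (Windows NT 6.1; WOW64) Firefox/52.0
10.0.0.7\tMozilla/5.0 (Windows NT 6.1; WOW64) Firefox/52.0
10.0.0.9\tMozilla/5.0 (Windows NT 6.1; WOW64) Firefox/52.0
10.0.0.9\tMozilla/5.0 (Windows NT 6.1; WOW64) Firefox/52.0
10.0.0.23\tcurl/7.29.0
10.0.0.7\t
10.0.0.42\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
"""


def parse_fields(text):
    """Yield (src_ip, user_agent) pairs from tshark -T fields output (tab separated)."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        src = parts[0]
        ua = parts[1] if len(parts) > 1 else ""
        yield src, ua


def summarize(text):
    """Count each user agent and record which source hosts used it."""
    counts = Counter()
    hosts = defaultdict(set)
    for src, ua in parse_fields(text):
        key = ua if ua else "<no User-Agent header>"
        counts[key] += 1
        hosts[key].add(src)
    return counts, hosts


def rare_agents(text, max_hosts=1):
    """User agents seen from at most max_hosts distinct hosts: the long tail an
    analyst reviews first, since the normal browser fleet shows up across many hosts."""
    counts, hosts = summarize(text)
    return sorted(ua for ua in counts if len(hosts[ua]) <= max_hosts)


if __name__ == "__main__":
    counts, hosts = summarize(SAMPLE_TSHARK_OUTPUT)
    for ua, n in counts.most_common():
        print(f"{n:4d}  {len(hosts[ua])} host(s)  {ua}")
    print("rare:", rare_agents(SAMPLE_TSHARK_OUTPUT))
```

Counting by distinct hosts rather than by raw hits is deliberate: a single chatty host can make an odd agent look common, while an agent seen from one host only is the kind of thing (a script, an old client, a missing header) worth a second look.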

Posted in Linux Shell Scripts

Netsh command to dump firewall rules

A quick netsh command to dump out your firewall rules:

netsh advfirewall firewall show rule name=all

Posted in NT Shell Scripts

Active Directory Last Logon Time

This script retrieves the lastLogonTimestamp Active Directory attribute for a user (the replicated form of lastLogon) and prints the date in human-readable form. Note the script looks the user up by CN rather than by sAMAccountName or UPN, which in some cases differ.

' Usage: cscript lastlogon.vbs <CN of the user>
If Wscript.Arguments.Count = 0 Then
  Wscript.Echo "Must supply Username (the user's CN)."
  Wscript.Quit(1)
End If

username = Wscript.Arguments(0)

' Look up the distinguished name, then bind to the user object.
strAdsPath = CheckForUser(username)
Wscript.Echo strAdsPath

On Error Resume Next
Set objUser = GetObject("LDAP://" & strAdsPath)
' lastLogonTimestamp is replicated between DCs but only refreshed when the
' stored value is more than about 14 days old; lastLogon is per-DC and not replicated.
Set objLastLogon = objUser.Get("lastLogonTimestamp")
If Err.Number <> 0 Then
  Wscript.Echo "Could not read lastLogonTimestamp (never logged on, or access denied): " & Err.Description
  Wscript.Quit(1)
End If
On Error GoTo 0

' IADsLargeInteger exposes two signed 32-bit halves; a LowPart whose top bit
' is set comes back negative and must be corrected by 2^32 before combining.
intLowPart = objLastLogon.LowPart
If intLowPart < 0 Then intLowPart = intLowPart + 2^32
intLastLogonTime = objLastLogon.HighPart * (2^32) + intLowPart
' 100-nanosecond intervals -> minutes -> days since 1601-01-01 (UTC)
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440

If intLastLogonTime = 0 Then
  Wscript.Echo "Last logon time: never"
Else
  Wscript.Echo "Last logon time (UTC): " & (intLastLogonTime + #1/1/1601#)
End If

Set objUser = Nothing
Set objLastLogon = Nothing

' Returns the distinguishedName of the object whose cn matches, or quits if none.
Function CheckForUser(cnValue)
    strUserName = EscapeLdapFilter(cnValue)
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    objCommand.CommandText = _
        ";(&(objectCategory=*)(cn=" & strUserName & "));distinguishedName,sAMAccountName;subtree"

    Set objRecordSet = objCommand.Execute

    If objRecordSet.RecordCount = 0 Then
        WScript.Echo "cn: " & cnValue & " does not exist."
        Wscript.Quit(1)
    End If
    CheckForUser = objRecordSet.Fields(0).Value   ' distinguishedName
    objConnection.Close
End Function

' Escape the characters RFC 4515 reserves in filter values, so the
' command-line argument cannot change the shape of the LDAP filter.
Function EscapeLdapFilter(value)
    value = Replace(value, "\", "\5c")
    value = Replace(value, "*", "\2a")
    value = Replace(value, "(", "\28")
    value = Replace(value, ")", "\29")
    value = Replace(value, Chr(0), "\00")
    EscapeLdapFilter = value
End Function
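The HighPart/LowPart arithmetic is the part of the script people most often get wrong, and the same conversion is useful outside VBScript when lastLogonTimestamp values are pulled in bulk (for example to find stale accounts). The following is an added example, written in Python rather than VBScript and not part of the original post; the HighPart/LowPart pair it uses is a constructed value (the Unix epoch expressed as a FILETIME), and the 90-day staleness threshold is an assumption.

```python
# Added example (not part of the original post): the lastLogonTimestamp
# arithmetic from the VBScript above, done in Python, plus a staleness check.
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # a FILETIME counts 100-nanosecond intervals


def parts_to_filetime(high_part, low_part):
    """Rebuild the 64-bit FILETIME from IADsLargeInteger's signed 32-bit halves.
    A LowPart whose top bit is set arrives negative; adding 2^32 undoes that."""
    if low_part < 0:
        low_part += 2**32
    return high_part * 2**32 + low_part


def filetime_to_datetime(filetime):
    """Convert a FILETIME (100-ns intervals since 1601-01-01 UTC) to a UTC datetime.
    Zero means the attribute was never set, i.e. the user has never logged on."""
    if filetime == 0:
        return None
    seconds, ticks = divmod(filetime, TICKS_PER_SECOND)
    return EPOCH_1601 + timedelta(seconds=seconds, microseconds=ticks // 10)


def is_stale(filetime, now, max_days=90):
    """True when the last logon is older than max_days, or never happened.
    lastLogonTimestamp is only refreshed when the stored value is more than
    about 14 days old, so a threshold well above 14 days is needed to avoid
    false positives (90 days is an assumed policy value, not from the post)."""
    last = filetime_to_datetime(filetime)
    if last is None:
        return True
    return now - last > timedelta(days=max_days)


if __name__ == "__main__":
    # Constructed sample: HighPart/LowPart as IADsLargeInteger would return
    # them for the Unix epoch (note the negative LowPart).
    ft = parts_to_filetime(27111902, -717324288)
    print(ft, filetime_to_datetime(ft))
    print("stale:", is_stale(ft, datetime.now(timezone.utc)))
```

The result is UTC, as in the VBScript; convert to local time only at display time, so that comparisons across domain controllers in different time zones stay consistent.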
Posted in VBscript

Site Move Completed

I have finished moving my posts over from Serendipity on my irobx.net site over to cloud based WordPress site. Yes, I have moved to the cloud. I can just feel the ROI flooding in. Not to say the process was seamless or easy. I had to export an RSS feed into outlook and forward emails to the posting address for the WordPress site, then hand edit the formatting differences. If I had many more posts I probably would have come up with a scripted solution, as it was my site is just small enough that the time spent manually importing was less than creating a scripted solution. It may sound strange for someone who enjoys scripting, but I will rarely use a script to do a task that is quicker done with a manual process. I *will* script small routines that I know I will repeat many times, usually after having repeated them enough times for them to become annoying. Nice to have it finished in any event.

Posted in Uncategorized

Read Grep exit codes

# For each pattern in /tmp/t1.txt, print it if grep finds no match in /tmp/t.txt.
# grep exit codes: 0 = match found, 1 = no match, 2 = error (e.g. file missing).
while IFS= read -r x; do
	grep -q -e "$x" /tmp/t.txt
	rc=$?
	if [[ $rc -eq 1 ]]; then
		echo "$x"
	elif [[ $rc -ge 2 ]]; then
		echo "grep error while searching for: $x" >&2
		exit 2
	fi
done < /tmp/t1.txt
Posted in Linux Shell Scripts