Latest Posts

Configure AD Authentication for ESXi Host

September 10, 2016 by TwiZted
/
Configure AD Authentication

Configure AD Authentication

If you’re in the business of setting up an ESXi host on your network you may be interested in also configuring it to allow for Active Directory authentication. This allows you to setup vCenter administrators within Active Directory, and allows them to use their Windows credentials in order to do their jobs. Although AD authentication will be setup dedicated vCenter admins can also be setup locally on the vCenter server to authenticate directly. In the AD world, this makes management a bit easier.

Here are the simple steps below. Please note that I am unable to verify whether these steps are the same for every version of ESXi, so your results may vary:

  1. Confirm the ESXi host is synchronizing time with the Active Directory Domain controller. For more information, see Synchronizing ESXi/ESX time with a Microsoft Domain Controller (1035833).
  2. From the vSphere Client, select the host that you want to add to the Active Directory.
  3. Click the Configuration tab
  4. Click the Authentication Services.
  5. Click the Properties link at the top right pane.
  6. In the Directory Services Configuration dialog, select the directory service from the dropdown.
  7. Enter a domain.
  8. Click Join Domain.
  9. Enter the user name (in user@domain.com format) and password of a directory service user account that has permissions to join the host to the domain and click OK.
  10. Click OK to close the Directory Services Configuration dialog box.
  11. Click the Configuration tab and click Advanced Settings.
  12. Navigate to Config > HostAgent.
  13. Change the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory. These settings takes affect within a minute and no reboot is required.

Additional notes and knowledge base location

If the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting is changed, ensure to remove any invalid users from the Permissions tab of the ESXi host. In ESXi 4.1, the ESX Admins container is hard coded and must be added on the Active Directory side for authentication to work.

KB Article – https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075361

Read More

MBSA Scanning with Powershell

August 29, 2016 by TwiZted
/

A very common audit requirements by many vendors is to run the Microsoft Baseline Security Analyzer (MBSA) against a list of machines to verify some standard setup practices they look for. Although other tools can be used for this in bigger environments, it always seems to be one they ask for and considering the scans can be scripted, they’re pretty easy to do and don’t take much time. In a perfect world, you’ll need to run this from a server in the domain that has MBSA installed on it and also has network access to each machine in the server list you provide the script. It will then remote scan each machine in the list and output a file for each.

Nothing too fancy and gets the job done. One think you might have to do is actually reach out to Microsoft and download the .cab file that is referenced. This can be found here (http://go.microsoft.com/fwlink/?LinkId=76054) and will speed up scans.

Read More

New Servers Deployed

July 11, 2016 by TwiZted
/

New Servers – The website and affiliated services have all been moved over to new servers. Everything appears to be be working fine without issues. The main reason I wanted to make a quick post is to let you know that the REPRT backend is currently offline. Any reports that make it through will still make it to the server, but they will not automatically be posted to the RE website. This is intended and will be worked through shortly. Please let me know through the contact page if you run into any issues with the website or software since the server switch.

New Servers Deployed

Additionally, to support the server switch, I will be moving everything over to new routing equipment. This is a big upgrade but downtime should be minimal. Not sure what time I’ll plan on doing this, but it should be late at night and most likely on a weekend.

Read More

Grab Weather Data from NWS

June 8, 2016 by TwiZted
/

I have recently been playing with InfluxDB and Grafana and wanted to be able to display the outside temperature without buying an external monitor to feed InfluxDB. I was able to find some weather data in XML format from the NWS, which allowed me to download, parse, and feed the data into InfluxDB. This allowed me to grab weather data and feed it just like I wanted without spending the money for an external monitor of some sort. I have it setup to run once every 30 minutes to grab and update –

You can then feed these the InfluxDB using Curl or other methods –

You can the XML reports at the NWS website here. Once it’s all setup and complete you can make a nice graph in Grafana:

Temp sensor - grab weather data from NWS Read More

Site Update and REPRT

May 5, 2016 by TwiZted
/

As many of you may have noticed, the website has been completed rebuilt and updated. I don’t personally have a ton of time to write a bunch of articles like I want to, but I will try to keep things updated on a regular basis. I’m usually pretty busy pumping out new stuff at work that can be brought into my collection for safe keeping.

For any Regenesis folks out there that might stop by, REPRT has been updated to version 1.5.0.6. This final update was a major overhaul and transforms the software into a client/server model, instead of relying on the client side to do all of the heavy work. The old model functioned, but was much harder to update and keep going with all the different users, operating systems, and configurations. In the past, a small update for client side processes would affect how things worked on the server side (sometimes breaking the tool altogether) and just created a mess in general. This new model means I really only have to worry about the server working, and evening if a client manages to dork up somehow the issue/s can be fixed easily on my side from the server. No more crossing our fingers and hoping I don’t break things.

On a side note, I’d really like to get REPRT in the hands of Mac users. The application is designed in .NET for Windows and I do not have a way to test it working on a Mac system. If someone from the Regenesis world would like to make this idea happen, feel free to let me know. If you’re another developer that stumbles across this and knows how to easily make .NET run under Mac OS, I’d be interested in hearing about that as well. To my knowledge, MONO is one route, however as I mentioned I do not have a way to test.

Read More

Detect Server Roles

May 5, 2016 by TwiZted
/

I needed a quick script to scan through a list of servers and detect server roles on any server that had the specified role/s installed, in this case File or Print services. There are probably many other ways to accomplish this. If you have better examples feel free to post them! I didn’t use this script for much, however I more advanced script could potentially come in handy.

Detect Server Roles with Powershell

Note that you’ll get the obvious errors if the server doesn’t respond (offline, WMI, etc), but it got the job done for what I needed at the time.

Read More

Automatic Purging

May 5, 2016 by TwiZted
/

Automatic Purging with Powershell

This script is used to automatically purge subfolders and all contents within those subfolders in a root folder. My use case was new subfolders being created daily with data backed up to them. The data within the subfolders could have any date on them, but I needed to purge based off the subfolders creation date. Instead of logging into the fileserver every 30 days and manually deleting junk, I tossed this quick script together to look at the date modified of the subfolder, and then purge any that are over 90 days old. If no folders are found, it’ll cancel the purge process (instead of deleting the entire root folder… oops).

You may notice that rmdir is used for the actual delete process. PowerShell has delete abilities, however I could not get it to work with folder names over a certain length, which unfortunately was very common for this subset of data being backed up. Rmdir didn’t seem to care about the length of the filenames within the subfolder and just blows the directory away.

Another thing to note that is not included in this version of the script is folder permissions. This is intended to be ran as scheduled task with a service account that has the proper permissions to the root/subfolders it’ll be trying to delete. Although the account I used had this, the scripts used (by another team) to create the backup data would sometimes place ownership on the subfolders and stall the script. In later iterations of the script above, I’ve added a routine that takes ownership of the subfolder before deleting it. I know takeown was used to accomplish this.

Lastly, I believe another issue I had that was caused by the same backup script was it was setting some of the newly created subfolders as Hidden and/or System folders. I’d have to test further, but I believe Get-ChildItem will ignore these. Adding ‘-force” I think was the fix. I haven’t touched the live script in a while, but if I get my hands on it I’ll make a new post.

Read More

PRTG Alerts with Pushbullet

April 30, 2016 by TwiZted
/

In an earlier post, I had provided a simple little Powershell/Pushbullet API where you could use Powershell to send Pushbullet alerts to all of your registered devices. This is dandy, and works wonders if you simply want to trigger the alert with Powershell by itself, but if you want to use something like PRTG to do the automatic triggering the setup is a bit different. The API and script provided simply takes parameters passed to it from PRTG, throws them into an alert, then fires them off to Pushbullet. Setting this Powershell script up inside PRTG to alert you is actually very simple.

The very first thing you must do besides editing the script I’ve provided is to save and drop the script into PRTG’s alert directory. By default, this is usually located here:

Once the Powershell (.ps1) script is dropped into that directory, the alert will be able to be chosen within PRTG itself. The first step to creating the alert is to login to PRTG and create a new notification:

PRTG Notification

The default settings should be sufficient, but feel free to edit them where you see fit (giving the notification a name for example). After you have changed the default settings where needed, scroll down and choose the “Execute Program” option. Click the drop down dialog and choose the .ps1 file you uploaded to your PRTG folder earlier:

PRTG Settings

Once you’ve made it that far, save the notification and you’re about ready to go. The last step is to assign to notification to a device or group:

PRTG Alert Set

After you’ve saved this, you can test the alert by logging into Pushbullet and causing the alert to trigger (shutting a service down, rebooting server, simulate error status, etc). If setup correctly, you should receive an alert in Pushbullet to all connected devices.

Read More

PushBullet Powershell API

April 29, 2016 by TwiZted
/
PushBullet Powershell API

PushBullet Powershell API

Here’s a small Powershell script that can be used to link your Powershell scripts to PushBullet. This allows you to fire PushBullet alerts to any device with the software installed. I use this in labs with PRTG monitoring software to fire alerts when a service/server goes down and I’m not around to get a standard email alert. Although email is great, it’s always nice to have 2 methods to receive my alerts so I know when something is amiss.

The Code

Once you have the script, simply change out the APIKEY to your own key, and setup a custom trigger in PRTG to fire off the Powershell script with the parameters defined. Also, for anyone interested PRTG is now free for up to 100 monitors. This is great for you folks with labs they’d like to monitor statistics on, or even people with a handful of servers that need quick and easy Windows monitoring. It’s an easier approach compared to something like Nagios.

Read More