We have Windows 7 Enterprise laptops with TPM chips. We have deployed Bitlocker to these laptops. What I'm trying to accomplish is to write a PowerShell script to look up the msTPM-OwnerInformation value for a specific computer in AD. I want it to then take that value and reset the TPMLockout.
Right now we have to go into the TPM console and click reset and specify the XML file that contains that value.
I have started on a script, but it's not doing what I want it to do as I'm very new to PowerShell.
Create a new file named "Get_msTPM-OwnerInformation.ps1"
and paste the following text to it.
Change the Part 'DOMAIN/OU' to your needs.
This should read you all the Information you need out of the AD
#----------------------Start----------------------------------------------------------------
#Custom variables
$CsvFilePath = "C:\Temp\BitLockerComputerReport.csv"
#Create array to hold computer information
$export = #()
#Export computers not Bitlocker-enabled to a CSV-file
#$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq “msFVE-RecoveryInformation”} | Foreach-Object {
$BitLockerEnabled = Get-QADObject -SearchRoot 'DOMAIN/OU' -SizeLimit 0 -IncludedProperties cn,Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq “msFVE-RecoveryInformation”} | Foreach-Object {
#Get PasswordID
$_.cn -match “(?<={).*(?=})"
#Create custom object for each computer
$computerobj = New-Object -TypeName psobject
#Add information to custom object
$computerobj | Add-Member -MemberType NoteProperty -Name Name -Value (Split-Path -Path $_.ParentContainer -Leaf)
$computerobj | Add-Member -MemberType NoteProperty -Name PasswordID -Value $matches[0]
$computerobj | Add-Member -MemberType NoteProperty -Name "msFVE-RecoveryPassword" -Value $_."msFVE-RecoveryPassword"
$computerobj | Add-Member -MemberType NoteProperty -Name "msTPM-OwnerInformation" -Value (Get-QADComputer -IncludedProperties "msTPM-OwnerInformation" -Name (Split-Path -Path $_.ParentContainer -Leaf))."msTPM-OwnerInformation"
$export += $computerobj
}
#Export the array with computerinformation to the user-specified path
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation
#------------------------End--------------------------------------------------------------
Related
I have to create windows container image with our application installed. Our application is a legacy one and it uses hostname in several places during installation. The docker build command doesnot have an option to pass the hostname. So, we are currently stuck at a point where when we run a container with the image created, our application fails to run as its expecting the hostname to be the generated name during the image creation time and not the one we pass with docker run command.
I tried to change the hostname within the container before installing our application using suggestions in this query.But,it did not work.
I wanted to understand if there is a way we can change the hostname from within the windows container?
The following worked for me -
rename-computer.ps1:
$ComputerName = "New Name"
Remove-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -name "Hostname"
Remove-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -name "NV Hostname"
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Computername\Computername" -name "Computername" -value $ComputerName
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Computername\ActiveComputername" -name "Computername" -value $ComputerName
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -name "Hostname" -value $ComputerName
Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -name "NV Hostname" -value $ComputerName
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name "AltDefaultDomainName" -value $ComputerName
Set-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -name "DefaultDomainName" -value $ComputerName
Dockerfile:
COPY "rename-computer.ps1" "C:/"
RUN powershell -command "Set-ExecutionPolicy RemoteSigned" \
&& powershell -command "C:/rename-computer.ps1 ; hostname" \
&& powershell -command "Set-ExecutionPolicy Restricted" \
&& <your installer runs here>
Sources -
https://serverfault.com/a/731832/845133
https://gist.github.com/timnew/2373475
I have a file source-push.sh which returns the list of files which I want to exclude from the results of find command.
It looks like this:
#!/usr/bin/env bash
find . -not \( -path './node_modules' -prune \) -name '*.js' | grep -vE $(echo $(./source-push.sh | xargs -I{} echo -n "{}|") | rev | cut -b2- | rev) | xargs -L1 standard --fix
find . -not \( -path './node_modules' -prune \) -name '*.css' | grep -vE $(echo $(./source-push.sh | xargs -I{} echo -n "{}|") | rev | cut -b2- | rev) | xargs -L1 stylelint --config stylelint.json
There are supposed to be a way to do the job better than that. Any suggestions?
Instead of:
... | grep -vE $(echo $(./source-push.sh | xargs -I{} echo -n "{}|") | rev | cut -b2- | rev ) | ...
you can use the POSIX options -F and -f:
... | grep -v -F -f <( ./source-push.sh ) | ...
-F tells grep that the patterns are fixed strings
(avoiding the problem that your original code would break if the patterns contain characters that are special to grep -E)
-f file tells grep to use a list of patterns from file
<( ... ) is a bash way to present output of a program as a file (named pipe)
Trying to update IIS authentication settings using Powershell.
Here's the dockerfile:
FROM microsoft/aspnet
SHELL ["powershell"]
WORKDIR C:\MyWebApp
RUN Import-Module WebAdministration; `
New-WebApplication -Name 'MyWebApp' -Site 'Default Web Site' -PhysicalPath C:\MyWebApp -ApplicationPool DefaultAppPool; `
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/anonymousAuthentication" -Name Enabled -Value False -PSPath IIS:\ -Location "'Default Web Site/MyWebApp'"; `
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/basicAuthentication" -Name Enabled -Value False -PSPath IIS:\ -Location "'Default Web Site/MyWebApp'"; `
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/windowsAuthentication" -Name Enabled -Value True -PSPath IIS:\ -Location "'Default Web Site/MyWebApp'"; `
Set-WebConfigurationProperty -Filter "/system.web/identity" -Name impersonate -Value True -PSPath IIS:\ -Location "'Default Web Site/MyWebApp'"; `
Set-ItemProperty -Path IIS:\AppPools\DefaultAppPool\ -Name managedPipelineMode -Value 0; `
Set-ItemProperty -Path IIS:\AppPools\DefaultAppPool\ -Name enable32BitAppOnWin64 -Value True;
Set-WebConfigurationProperty is causing W3SVC to get stopped and container exits.
PS C:\Projects\docker_workspace\app> docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
96bc3c60e9df wcpapp:v1 "C:\\ServiceMonitor.e…" About a minute ago Exited (2147500037) 12 seconds ago
PS C:\Projects\docker_workspace\app> docker logs 96
Service 'w3svc' has been stopped
ERROR: Failed to start or query status of service 'w3svc' error [80004005]
Service 'w3svc' has been stopped
If I remove Set-WebConfigurationProperty statements, Container stays up and running. What am I missing here?
I am trying to grep or find for 2 specific words in each file in a directory. And then If i find more than one file found with such a combination - only then I should print those file names to a CSV file.
Here is what I tried so far:
find /dir/test -type f -printf "%f\n" | xargs grep -r -l -e 'ABCD1' -e 'ABCD2' > log1.csv
But this will provide all file names that have "ABCD1" and "ABCD2". In other words, this command will print the filename even if there is only one file that has this combo.
I will need to grep the entire directory for those 2 words and both words MUST be in more than one file if it has to write the filenames to CSV. I should also be able to include sub directories
Any help would be great!
Thanks
find + GNU grep solution:
find . -type f -exec grep -qPz 'ABCD1[\s\S]*ABCD2|ABCD2[\s\S]*ABCD1' {} \; -printf "%f\n" \
| tee /tmp/flist | [[ $(wc -l) -gt 1 ]] && cat /tmp/flist > log1.csv
Alternative way:
grep -lr 'ABCD2' /dir/test/* | xargs grep -l 'ABCD1' | tee /tmp/flist \
| [[ $(wc -l) -gt 1 ]] && sed 's/.*\/\([^\/]*\)$/\1/' /tmp/flist > log1.csv
I tried to generate warning in Xcode if there is any TODO: or FIXME: in my project using the follow bash script from HERE:
TAGS="TODO:|FIXME:"
echo "searching ${SRCROOT} for ${TAGS}"
find "${SRCROOT}" \( -name "*.h" -or -name "*.m" \) -print0 | xargs -0 egrep --with-filename --line-number --only-matching "($TAGS).*\$" | perl -p -e "s/($TAGS)/ warning: \$1/"
As I used CocoaPods, is it possible to search only with my project and it's testing but not in the Pods?
EDIT: Update sample code for .swift compatibility
TAGS="TODO:|FIXME:"
echo "searching ${SRCROOT} for ${TAGS}"
find "${SRCROOT}" \( -name "*.h" -or -name "*.m" -or -name "*.swift" \) -print0 | xargs -0 egrep --with-filename --line-number --only-matching "($TAGS).*\$" | perl -p -e "s/($TAGS)/ warning: \$1/"
Try changing the line:
find "${SRCROOT}" ...
to include a forward slash and your project name after the ending curly brace.
For example, if your app was called SaxGuy, it would look like this:
find "${SRCROOT}/SaxGuy" ...