Monday, March 02, 2020
Friday, February 14, 2020
Wednesday, January 08, 2020
PowerShell and Excel
I wrote a PowerShell script to start an MS Excel process and manipulate an Excel file. This PS works perfectly fine when it is executed interactively by a user account. However, when using Windows Task Scheduler, it throws the following error:
Microsoft Excel cannot access the file
There are several possible reasons:
The file name or path does not exist.
The file is being used by another program.
The workbook you are trying to save has the same name as a currently open workbook.
It turns out I need to create a directory named: Desktop
In the following locations:
64-Bit OS
C:\Windows\SysWOW64\config\systemprofile\Desktop
32-Bit OS
C:\Windows\System32\config\systemprofile\Desktop
Tuesday, December 31, 2019
QBE CIO Award 2019
All the hard work has paid off ... The QBE Cyber Security team has been recognized for exceptional performance!!
Friday, November 22, 2019
Tail in PowerShell
I need to "tail" in PowerShell to view the log and found the following command interesting:
> Get-Content C:\mylog.txt -Wait
If you want to get the latest file and tail it:
> Get-Content ( Get-ChildItem C:\Folder\ | Sort-Object LastWriteTime | Select-Object -Last 1) -Wait
Thursday, September 12, 2019
Active Directory Group Policy by Powershell
Use the following PowerShell to dump every GPO to an HTML file:
> Get-GPO -All -Domain mydomain.tld | % { Get-GPOReport -Guid $_.Id -ReportType Html -Domain mydomain.tld | Set-Content C:\Reports\$($_.DisplayName).html }
Monday, August 19, 2019
Gartner Security & Risk Management Summit 2019
Thursday, August 15, 2019
Thursday, July 18, 2019
Fix Corrupted Windows 10 File(s)
Recently, I had an issue with my VM, which runs Windows 10 for my daily ops work. The hosting machine kept crashing due to an unknown issue, thus ungracefully shutting down my Windows 10 VM.
One time, second time, third time were fine. Finally, one day, I wasn't able to open any ZIP file. It looked like the OS lost its association with the file type .ZIP. I went to the default file type program and could not find .zip file type. I then checked my other healthy Windows 10 machine and clearly there is no .zip file type association either.
To fix this I ran:
> sfc /scannow
When the scan was completed, I checked the log file, it had:
Could not reproject corrupted file \??\C:\WINDOWS\System32\\zipfldr.dll; source file in store is also corrupted
What I did next:
> DISM.exe /Online /Cleanup-image /Restorehealth
Then
> sfc /scannow
and I can open ZIP files again!! :)
Thursday, June 20, 2019
C# + Active Directory = Awesome!!
I have a need to review AD groups and local admin groups as part of the identity project - to identify users who have privileged access in AD or on servers. I developed this tool to help with quick search, detailed view, export, etc. with a UI.
Obviously this can be done with PowerShell, but I found there is a limitation with PowerShell in regards to recursive lookup, especially when dealing with foreign objects.
As you can see below, there are different account types you can query: user, computer and group (with a recursive option). You can also provide a different credential to query Active Directory, as well as specify a particular OU, LDAP filter and keyword for the search.
The below UI provides the interface to query local groups in Windows machine. You can specify a single computer, computers in a particular OU or a text file containing a list of computers.
Friday, May 17, 2019
GoDaddy DNS Update Using API
I recently needed to update my DNS entry, which is hosted at GoDaddy. GoDaddy supports API calls to update DNS entries, which is amazing!!
You need to generate an API key and secret.
Create the file below and schedule it with cron!
#!/bin/bash
# The key and secret live in this file: keep it readable by its owner only.
domain="domain.tld"
type="A"
name="@"
ttl="3600"
port="1"
weight="1"
key="my-api-key"
secret="my-api-secret"
headers="Authorization: sso-key $key:$secret"
# Do not echo $headers: cron mails or logs stdout, which would expose the key and secret.
# Read the address currently published in DNS.
result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/$type/$name")
echo "Result = $result"
dnsIP=$(echo "$result" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "DNS IP = $dnsIP"
# Look up the current public address over HTTPS so the answer cannot be altered in transit.
ret=$(curl -s "https://ipinfo.io/json")
currentIP=$(echo "$ret" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "Current IP = $currentIP"
# An empty lookup result must never reach the comparison or the PUT.
if [ -z "$currentIP" ]; then
    echo "Could not determine the current IP, leaving the record unchanged"
    exit 1
fi
if [ "$dnsIP" != "$currentIP" ]; then
    echo "IPs are not equal, updating record"
    curl -X PUT "https://api.godaddy.com/v1/domains/$domain/records/$type/$name" \
        -H "accept: application/json" \
        -H "Content-Type: application/json" \
        -H "$headers" \
        -d "[ { \"data\": \"$currentIP\", \"port\": $port, \"priority\": 0, \"protocol\": \"string\", \"service\": \"string\", \"ttl\": $ttl, \"weight\": $weight } ]"
else
    echo "IPs are equal, no update required"
fi
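The script above writes whatever IP-like string the lookup returns into the DNS record. As an added example (not part of the original post), these POSIX shell functions decide whether the PUT should run at all; the function names, the list of rejected ranges and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample addresses are constructed.

# Succeeds only for four dot-separated decimal octets, each 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split on dots into $1..$n
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are ambiguous (some parsers read them as octal).
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Assumption: a home dynamic-DNS record should never point at a private,
# loopback, link-local, CGNAT or multicast/reserved address (not exhaustive).
is_publishable_ipv4() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    case $1 in 0|10|127) return 1 ;; esac
    [ "$1" -ge 224 ] && return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    return 0
}

# Prints update, unchanged or refuse; only "update" should reach the PUT.
plan_update() {
    dns_ip=$1; current_ip=$2
    if ! is_publishable_ipv4 "$current_ip"; then
        echo refuse
    elif [ "$dns_ip" = "$current_ip" ]; then
        echo unchanged
    else
        echo update
    fi
}

# Constructed lookup results: changed, unchanged, empty, out of range, private.
for candidate in 203.0.113.7 198.51.100.4 "" 999.1.1.1 192.168.1.10; do
    printf '%-14s -> %s\n' "${candidate:-<empty>}" "$(plan_update 198.51.100.4 "$candidate")"
done
```

In the cron script, the PUT would run only when `plan_update "$dnsIP" "$currentIP"` prints `update`.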
Saturday, April 13, 2019
Ubuntu 18.04 + Docker Setup
I am setting up a new Docker Engine running on Ubuntu 18.04.
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default the Docker Engine service is run by Snap.
My environment uses a web proxy to reach the Internet, and only internal DNS servers are allowed. The Docker daemon and Docker containers must use the web proxy and internal DNS to reach the Internet.
To set up Ubuntu with a static IP pointing to the right DNS servers, a netplan configuration must be created.
Create a YAML file in /etc/netplan/:
> sudo vi /etc/netplan/99-local-init.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.1/24
      gateway4: 10.0.0.254
      nameservers:
        search: [domainlocal.tld]
        addresses: [10.0.0.2, 10.0.0.3]
ps: addresses: [10.0.0.2, 10.0.0.3] are the local DNS servers
To get Docker Engine to use the web proxy and local DNS servers, drop-in configuration files must be created. Check the Docker Engine service name under the /etc/systemd/system/ folder. On my Ubuntu 18.04 installation the service is named snap.docker.dockerd.service.
Create a folder with the same name as the service and add ".d" at the end of the folder name:
> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d
Then you can create as many .conf files as you need in that folder.
To create web proxy configuration
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"
To create DNS setting
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf
[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld
ps: the empty ExecStart= must be defined on the first line to reset that setting before the new command is given
systemd must reload its configuration and the daemon must be restarted:
> sudo systemctl daemon-reload
> sudo systemctl restart snap.docker.dockerd
To build an image or run a process within a Docker container, pass the proxy settings as flags:
> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imagename .
Have fun!
Tuesday, March 12, 2019
Docker Copy Files
When building a Docker image from a Dockerfile, if you need to copy files from the Docker Engine machine into the image, you need to use the "correct" source path for those files.
Let's say you have the following files:
/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh
You can't use the following commands in your Dockerfile, because COPY source paths are resolved relative to the build context, not the host's filesystem root:
COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/
instead, you need to do the following
mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources
then, in your Dockerfile, specify the following COPY command
COPY resources /etc/
Wednesday, February 13, 2019
Tuesday, January 01, 2019
Windows Server Core 2019 - Remote PowerShell
Just installed a couple of Windows Server Core 2019 machines. To manage them through PowerShell remotely, you need to enable PowerShell Remoting.
On the Windows Server 2019 Core machine, run the following command:
> Enable-PSRemoting -Force
On the remote machine from which you want to manage the server, run:
> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld
Enjoy!
Friday, December 07, 2018
Westpac Super.Tech Q4 Individual Award Winner
And to close the year 2018, I have been nominated and won the Q4 Individual Award!
It has been a long and challenging year for me :)
Saturday, November 03, 2018
Thursday, October 25, 2018
Friday, September 21, 2018
Cleaning Up CSC Folders
The C:\Windows\CSC folder is the offline files folder. It has special permissions; without the correct permissions, you won't be able to delete anything in it.
To delete the content of C:\Windows\CSC, you need to modify its permissions:
> cd c:\Windows
> takeown /f CSC /r /a /d y
> icacls CSC /grant Administrators:F
Then you can navigate to the folder and start deleting files
Wednesday, August 01, 2018
Publish TeamCity via Sophos XG Firewall
I am running the TeamCity product at home for my development work and would like to publish the site via my Sophos XG Firewall. TeamCity runs on the internal domain namespace and to publish it to the Internet, you need to configure it so that it recognises the external domain namespace.
I don't want to make any change on TeamCity, and luckily Sophos can do it!
Create a Business Application Rule on your Sophos Firewall and make sure "Rewrite HTML" is selected, as shown below. That's it!