I was recently in the Scripting Guy 2011 game advanced group and placed 32nd overall. Not too bad :-) considering I didn't have enough time to finish all scripts (I've done 8 out of 10), neither did I have time to polish my scripts which costed quite a few points :-(. Nevertheless it's a great experience. I learned a lot new PowerShell techniques along the way!
2011 Advanced Group Final Leader Board
Search This Blog
Jul 18, 2011
Apr 20, 2011
Using System Namespace In Powershell
There are many cool pre-defined constants, functions, methods, and etc. in System object. One would normally learn individual ones through sample scripts, but really should browse the MSDN page to explore what System namespace has to offer. Go to a class/structure/enumeration that you are interested, then pay special attention to those static members.
A few examples:
[System.DateTime]::Today versus [System.DateTime]::Now
[System.String]::Empty
[System.Console]:: almost everything are static, not surprisingly
[System.Math]::PI
There are also a bunch of other namespaces, please see .Net Framework Libraries
A few examples:
[System.DateTime]::Today versus [System.DateTime]::Now
[System.String]::Empty
[System.Console]:: almost everything are static, not surprisingly
[System.Math]::PI
There are also a bunch of other namespaces, please see .Net Framework Libraries
Dec 14, 2010
Local Admin Account vs. account lockout
You can't really lock out an admin account - as long as you type in the correct password on *local console*, the system will unlock it automatically. This makes sense - legit users need a way to get into the system when all other credentials are failing - completely locking out all users surely won't make happy customers.
However this increases the risk of being cracked by brutalforce method. For companies who want to maximize the security and are willing to pay the cost of losing acceess due to lost passswords, there is a way to put admins under same lockout policy as ordinary users. MS has an old tool called passprop.exe that can enforce lockout policy, even against admins.
passprop /adminlockout
This is no longer needed in Windows 2008. There are pre-define security polices in Windows 2008 will do the same.
However this increases the risk of being cracked by brutalforce method. For companies who want to maximize the security and are willing to pay the cost of losing acceess due to lost passswords, there is a way to put admins under same lockout policy as ordinary users. MS has an old tool called passprop.exe that can enforce lockout policy, even against admins.
passprop /adminlockout
This is no longer needed in Windows 2008. There are pre-define security polices in Windows 2008 will do the same.
LDAP search can't find secondary email addresses
You can search primary address using filter like (mail=JohnDoe@foo.com), but similar filter (proxyAddresses=johnDoe@foo.com) won't return anything. This is because attribute "proxyAddresses" holds not only smtp addresses, but also other types, e.g. RightFax, X.25, as well. To search secondary smtp addresses, you need to define a filter like this
(proxyAddresses=smtp:johnDoe@foo.com)
(proxyAddresses=smtp:johnDoe@foo.com)
Oct 28, 2010
Java JDNI Authentication Against AD
Keep in mind that some of the mechanisms require the user's password stored in reversible format and password be reset.
JNDI, Active Directory and Authentication (Part 1) (Kerberos)
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
JNDI, Active Directory & Authentication (part 2) (SSL)
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
JNDI, Active Directory and Authentication (Part 1) (Kerberos)
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
JNDI, Active Directory & Authentication (part 2) (SSL)
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
How LDAP Error Codes Map to JNDI Exceptions
LDAP Status Code Meaning Exception or Action
0 Success Report success.
1 Operations error NamingException
2 Protocol error CommunicationException
3 Time limit exceeded. TimeLimitExceededException
4 Size limit exceeded. SizeLimitExceededException
5 Compared false. Used by DirContext.search(). Does not generate an exception.
6 Compared true. Used by DirContext.search(). Does not generate an exception.
7 Authentication method not supported. AuthenticationNotSupportedException
8 Strong authentication required. AuthenticationNotSupportedException
9 Partial results being returned. If the environment property "java.naming.referral" is set to "ignore" or the contents of the error do not contain a referral, throw a PartialResultException. Otherwise, use contents to build a referral.
0 Success Report success.
1 Operations error NamingException
2 Protocol error CommunicationException
3 Time limit exceeded. TimeLimitExceededException
4 Size limit exceeded. SizeLimitExceededException
5 Compared false. Used by DirContext.search(). Does not generate an exception.
6 Compared true. Used by DirContext.search(). Does not generate an exception.
7 Authentication method not supported. AuthenticationNotSupportedException
8 Strong authentication required. AuthenticationNotSupportedException
9 Partial results being returned. If the environment property "java.naming.referral" is set to "ignore" or the contents of the error do not contain a referral, throw a PartialResultException. Otherwise, use contents to build a referral.
Subscribe to:
Posts (Atom)