I have been tasked with something at work that requires me to use powershell or some other scripting language to parse an email and take a part of the body out of it or if there is a way to grab the concurrent user count out of goliath for citrix users. I then need to open an SSH session to a router and run a sh-vpnsessiondb and grab the output of that command and combine it with the stuff parsed from the email. If someone can help with even a single part of the script it will go a long way for me :)
Related
Maybe an easy question for someone who knows Powershell and O365 well. Is there a way to configure it so when a command is run for example to pull all access to a shared mailbox, that either a service account is permissioned each time to pull that information or the user who is running the script? I looked at connecting an SA to the script but it would have too much access to 0365 to give it the specific permissions. So the account is not permissioned for the access by default but every time the script/command is ran its permissioned for that inquiry which it shows then it won't have access until the next time its called.
Looking to add this type of function to a script which we only want the helpdesk people to see the information when they run the script and the specific command in the script.
Hopefully explained clear enough :)
Thanks all.
I don't think there is a way to do that natively. You could fiddle something with Azure PIM but that's more for one-off operations than minute action that are done often.
You could however circumvent that by making some sort of web interface that triggers commands on another server using a privileged SA and returns the output through the web interface. You can just make it so that the interface can only request one specific command to be run, and the only thing you have to worry about is sanitizing your parameters well to avoid unwanted injection.
Alternatively, what are you trying to protect against by restricting access so much ? Isn't it something that could be done more easily using a read-only account and some clearly defined policy ? If your helpdesk people overstep their allowed scope, that's a management/HR problem as much as a technical one.
Some people on our team have rights to reset MFA on azure, and others do not. I was wondering if powershell had -some- functionality where I could build some kind of server with it that would respond to prompts from those team members.
My controller would basically have my credentials signed in, and based on pings from my team members, it would take their input and perform the MFA reset using my credentials. I already have tools that allow me, personal, to send these requests, but I do not know if Powershell has the capability to act as a controller/server of some form and respond to commands such as this.
Basically: Coworker pings my machine, my machine performs the reset with my credentials via powershell. Everything I have found thus far is about running remote credentials on other machines, and not having powershell itself act as some kind of controller. Is it even possible? Or am I going to have to use something else to do this. Powershell isn't a language I am super familiar with and something I had to learn on the fly
I just need a plain static .html page form, to POST to a Powershell script.
I've seen plenty of Powershell Invoke-WebRequest cmdlet material, but where Powershell is always initiating the HTTP request (and then handling the HTTP response..)
Thank you!
The short answer is that you cannot POST directly to a PowerShell script. When you POST to a website you are passing arguments to the web server that are then being presented to code on that web server ( the target of your POST request ) that the web server is capable of executing. Web servers do not understand PowerShell ( unless Microsoft has implemented this, which a few quick googles suggests they haven't ).
That being said, your ultimate goal is likely that you want to consume data that you sourced from a form via a PowerShell script. You will need to implement a backend on the webserver to consume the POST request and pass it to the operating system level to be run via PowerShell. This is generally not a good idea but if you are doing it for an internal site to get something running quickly then so be it.
Here is the process to call a Powershell script from ASP.Net: http://jeffmurr.com/blog/?p=142
You could approach this problem in many other ways. You could write your backend site to save the data from the POST request to a file and come along and parse that file on a schedule with PowerShell. You could use a database in the same manor or you could create a trigger in the database to run the script each time a row is appended.
I suspect that if you work down one of these pathways you will ultimately find that the technology you are using on the backend ( like ASP.Net or PHP or JavaScript ) is capable of doing the work you need done and that you would have far less moving parts if you stuck with one of those. Don't be afraid to learn something new. Jumping to JavaScript from PowerShell is not that difficult.
And the world moves to fast. Here is a NodeJS-like implementation of a webserver in PowerShell.
https://gallery.technet.microsoft.com/scriptcenter/Powershell-Webserver-74dcf466
I am looking for a secure means to store powershell credentials for use in a scheduled-task script but I keep running into road blocks. Windows Server 2008 environment primarily.
The biggest issue I have found is that even if we throw the password out to a secureString text file and read that in later, that the credential object is inherently flawed for use as a scriptable object. It provides a method that exposes clear text information.
$credentialObject.GetNetworkCredential().password
This means that if someone has access to the system and task scheduler, they can extract the password used in my script with little trouble.
Does anyone know of a way around this?
If you take a credential object and save it using Export-Clixml, only the user who exported it can decrypt it, and only on the same computer.
So the scheduled task also has to run as that user.
But the task has to be able to decrypt the credential to use it. There is no way around that. So anyone who can modify the task or modify the code that the task runs can get the credential.
As #EBGreen said, setting the credentials on the scheduled task only, and not using a credential object at all, could work, but it depends on what you're trying to do, which we can't tell without code.
You could also try to use the Windows Credential Manager. Here's some code that seems to help with that, but I'm not familiar with this method.
I have a CasperJS script which logs into our test website platform. Our website application produces dynamic data which is updated every second, and normally using a web browser the login is left running (as you would using webmail)
The script logs into the website as a user, waits five seconds for the page to populate with data and uses the this.capture function to grab a screen shot to confirm the details are correct.
What I want to do, is follow on from the login as I've noticed the CasperJS script does not stay logged in as our customers logins are persistent.
I want to do this because we are load testing a new proof of concept platform.
Does anyone know how I make CasperJS do this?
I also want to parse a csv list of username/passwords to simulate logins - I'm presuming that I have to do this via a shell script or get PhantomJS invoke each login sequentially?
(background: I'm not a web developer, but someone with 20 years of IT and Unix/Infrastructure - so I would class myself as an intermediate skill scripting)
Persistent login
This is what the --cookies-file commandline option is for. It stores all cookies in a file on disk and on subsequent invocations of the script will use the stored cookies to restore the session. So just run your script like this:
casperjs --cooies-file=cookies.txt yourScript.js
yourScript.js should be able to tell that are already logged in.
Multiple credentials
Your other problem can be solved in different ways, but none of them should be invoked with the --cookies-file option.
Since a CSV is a simple file format you can read it through the PhantomJS fs module and iterate over them with casper.eachThen. For each iteration, you would need to login, do your thing and don't forget to log out just in the same way you would do in a browser session.
Parse the CSV somehow in the shell and pass the pairs into CasperJS. Then you can access casper.cli to get the credentials to log in. With this option you don't need to log out, since each invocation runs in its own PhantomJS instance and doesn't share cookies.
This option can be combined with your first question, if that is what you want. Add on each invocation the option --cookies-file=cookies_<username>.txt, so you can run the shell script multiple times without logging in each time.
Load testing
If I understood correctly, then the web application is password protected. You would need to run a separate CasperJS process for each username/password pair. You should check the memory footprint for one script invocation and scale up. Memory is the primary limiting factor which you can calculate for your test machine, but CPU will also hit a limit somewhere.
PhantomJS/CasperJS instances are full browsers and are therefore much heavier than a slim webserver. So you will probably need multiple machines each with many instances that run your script to load test the webserver.