I have completed testing of a freeipa instance in a lab. I'd like to export all of the SudoCommands that I have defined in the lab to the servers I intend to press into production.
I did an LDAP search to see if I could find an OU that had all of the commands & descriptions I configured in lab (5 pages worth), but found nothing. I performed an pa-server-backup and sifted through that filesystem. The only reference I found to sudo was a couple of berkley databases for host groups and external commands, none of which had any entries.
Is anyone aware of where in the freeipa application the individual sudocommands are stored & how to access them? The CommandGroups & HostGroups I made are easy enough to regenerate from hand.
I found there was another CN on top of cn=sudo,$SUFFIX:
cn=sudocmds,cn=sudo,$SUFFIX
Related
I'm busy writing a script as a project to Audit Windows Servers for PCI compliance, One of the things my project lead has asked me to attempt to get to try to get a list of all hosts that are connected to a domain, however this script needs to be able to be run on any windows server without being able to import any modules, so I'm stuck with whatever tool already exists on a bare machine.
Ive already written parts of the script that can rely on the 'active directory' modules but I also need to find a way to get information without any DNS or Domain roles installed.
The closest I can get to achieving this is by using the 'netdom' command however this relies on usernames and passwords that I cannot query for in the auditing script.
Ive tried tools like nslookup and a few other things I've come across while looking for answers online, but most of it seems to rely on modules that I cannot install on the machines that the script will need to run on.
Does anyone know if this can actually be done? and if so how can I achieve this?
Edit: for a bit more clarity, I need a way to get a list of all machines in the domain from machines that are NOT a domain controller and I cannot alter these machines at all.
As per boxdog's comment "([adsisearcher]"objectcategory=computer").findall()" command works just fine
Ok I am attempting to transfer a manual change to powershell,
Attempting to grant IIS_IUSRS access to /LM/SmtpSvc/ and /LM/SmtpSvc/1/ nodes in the IIS Metabase.
I have googled extensively and can not find an example of what i am looking for.
I have been trying to play with
$smtp = [wmiclass]‘root\MicrosoftIISv2:IIsSmtpServerSetting'
But I am in a little over my head with WMI.
Any help would be appreciated. This setting is required for resolving
This.
Not an exact answer, but the best I have so far. Following the Guide here I chose option 1 and changed the app pool to network service. I will still work on a way to do the permissions settings with powershell.
Update (solution untested)
I found this answer on another post that details how to do it using scripts in the iis6.0 resource toolkit. To get these scripts on server 2012 you have to install the IIS6.0 resource toolkit, the only way i can find to do a silent install of this one was located here from there you can call the scripts using cscript.exe. I stuck with the changing user on the app pool option because it fits in with other things as well.
Last week I created 8 databases on a V12 SqlAzure server via powershell and ARM templates, it worked fine. We started to use these databases in SQL Management studio and have set up users and tables etc. There is some data in them and we can select and update as expected. In short they work!
But today I wanted to apply some resource locks to the databases using the azure powershell cmdlet New-AzureRmResourceLock but I'm finding that the command Get-AzureRmResource | Where-Object {$_.ResourceType -eq "Microsoft.Sql/servers/databases"} does not return the databases I'm looking for!
Also I now look in the portal https://portal.azure.com and I see the SQL Servers listed, and when i enter the blade for my sql server I see the databases. But if I click on a DB I'm lead to a not found resource. Also when using the SQL Databases blade I don't see any of the databases listed.
As an aside if I log on to the classic portal https://manage.windowsazure.com I can see the sql server and see all the databases, and click on them and configure them.
I don't really want to have to recreate all these databases as we have started to set them up with schemas, users and data but do need to be able to use the cmdlets to change them especially to add resource locks to them.
Has anyone see this before? and what could i try to bring them back so i can use powershell to configure them again.
I was in touch with Microsoft support last week and they had a look. this is the resolution.
From: Microsoft support Email
I suspect that our case issue derives from stale subscription cache.
In summary, subscription cache can become stale when changes made
within a subscription occur over time. In an effort to mitigate our
case issue, I have refreshed the subscription cache from the backend.
After they had a look it was sorted out that day, both the portal and more importantly the command line are fixed.
Thanks All
Please provide your subscription id, server name and missing database names and I will have this investigated. Apologies for the inconvenience. You can send details to me at bill dot gibson at microsoft . com.
I am encountering several situations where, in a Chef recipe with powershell_scipt, a command appears to fail, whereas if I run the same command in powershell outside of Chef, the same command works.
The two in particular are "regedit", which I am trying to use to set a key for app compatibility and the other is "net use z:...." to created a mapped drive. Both of these seem to work fine if I run them in powershell, but if I use them inside a recipe inside powershell_script, they don't appear to do anything.
So I'm wondering is this because Chef runs commands that are inside powershell_script at some lower privilege level?
Also if so, how do I change it so that the regedit and net use would work?
Thanks,
Jim
EDIT 1: This seems to work for adding the registry entry I needed:
registry_key "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags" do
values [{
:name => "{2b9034f3-b661-4d36-a5ef-60ab5a711ace}",
:type => :dword,
:data => 00000004
}]
action :create
end
That prevents the compatability popup that I am getting when we run the Sharepoint installer.
EDIT 2: I hope that this is ok, but for the record and more visibility and hope that I remember this, I found this re. mapping drives in Windows and Chef:
Mount windows shares on a windows node with Chef
and:
https://tickets.opscode.com/browse/CHEF-1267
I haven't tried that yet, but that seems like the answer to my drive mapping need.... hopefully..
The chef client service runs as Local System (SYSTEM) by default.
In Windows, that user has full privileges on the local system, like root basically, but on the network it authenticates as the computer object.
So it you are trying to use regedit to change something in for example HKEY_CURRENT_USER then you need to remember that the code will not see the same "current user" as you will when you run it in interactively. Also, regedit is an .exe; you should really do what you need through the PowerShell providers or .Net objects.
For net use you are trying to map a drive. It's likely that the computer account doesn't have the rights to the share that your user has. Again, net.exe is a separate executable. net use maps a drive to a drive letter (usually) and you shouldn't be doing that in a configuration script, in my opinion. You should access the UNC path directly, but either way I still think that you're probably running into a permissions issue here.
You could change the credentials of the service to use a user account that has all the rights you want, but before doing something like that you should consider changing your workflow to not need that.
ASP.NET Membership is just great as there are a ton of functionality right there to be used, and we don't need to change nothing at all.
We can even create our own Provider based on Membership database, and that give us infinite possibilities, like as I don't like the Question/Answer I just use an email that is sent with a reset link.
But this is all done with SQLEXPRESS .mdf file and I wanted to use my own Database for this so I can use SQL Server Enterprise as we have in the Office and not the Express Edition.
How can I easily use the ASP.NET Membership tables in my own Database?
I rememebered some years ago that we needed to use aspnet_reg (something) to create the correct tables, but I can't find that info anymore.
I also tried to use other Membership Providers, namely Altairis.Web.Security from CodePlex and saw the Chris Pels Video on creating a new Membership Provider
On Altairis solution, the Model is not complete and lack several points such as Several Applications as it's made to be used with only one, and Chris Pels contains to much Store Procedures that I need to create by hand.
I'm for given Chris code a go but I just wanted to know if there would be available something easier.
All this is to be integrated in ASP.NET MVC 2 Web Application.
Thanks
You have 3 options:
Do it by running aspnet_regsql.exe: Just open "Start Menu>All Programs>Microsoft Visual Studio 2010>Visual Studio Tools>Visual Studio Command Prompt(2010)" and then type aspnet_regsql. A wizard appears and let you select your desired database.
Do it via API: Use System.Web.Management.SqlServices class and its Install and Uninstall methods. This will programmatically install/uninstall database artifacts.
Do it manually: Go to C:\Windows\Microsoft.NET\Framework\v4.0.30319 or something like. You will find 9 .sql files that begins with Install and 9 .sql files that begins with uninstall. You can run them manually in your database to create needed tables/store procedures/etc. But consider changing database name in sql scripts. Default db name is aspnetdb.
It's aspnet_regsql
Under the following path:
C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql
You need to open up the Visual Studio Command Prompt, navigate to C:\WINDOWS\Microsoft.NET\Framework\\aspnet_regsql.exe . Some example are located in the MSDN documentation.
Example: aspnet_regsql.exe -E -S localhost -A mr - installs the database elements for membership and role management on the local computer running SQL Server using Windows authentication.