PING

I have been using ping for quite a while now and I have only just realised that it stands for something.

I have always likened it to the sound a sonar makes and finds things from its returning echo.

It turns out that ping is usually expanded as Packet InterNet Groper, although that is a backronym: Mike Muuss, who wrote the original program, named it after the sound of sonar, so the sonar comparison is the original meaning.

This is something that I am planning on using during my next interview if the subject ever comes up.

5 Ways to find a MAC address


I was once asked in an interview how to find a MAC address. I answered with getmac, which at the time I thought was the best way of doing this. The guy asking the question obviously wanted ipconfig /all. There is nothing wrong with that, but it gives you a lot of unnecessary information if you are only after the MAC address, and no way of using this information in a script. It got me thinking about how many ways there are to find a MAC address and which ones are the best ways. Here are 5 that I have come up with.

1. getmac

2. ipconfig /all

3. Get-WmiObject -Class Win32_NetworkAdapterConfiguration

4. Get-WmiObject -Class Win32_NetworkAdapter

5. Get-NetAdapter

My favourite one of these is Get-NetAdapter.

I like this one because of the information that it gives. With a simple bit of scripting you could automate this to find the MAC address of every machine in your network, showing name and MAC address.

A good thing to know when querying with PowerShell is Select-Object -ExpandProperty (select -ExpandProperty for short). If you use this you can narrow your queries down to just the information that is interesting to you.

PS C:\Users\Administrator> get-netadapter | select -ExpandProperty macaddress
22-00-0B-0B-95-10
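As an added example (not code from the original post), here is the scripted version of that idea: query every physical adapter on a list of machines over CIM and write the computer name, adapter name and MAC address to a CSV. The hostnames and the output path are assumptions; it needs WinRM enabled on the targets, an account allowed to query them, and the NetAdapter module on the targets (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the original post: MAC inventory of several machines.
# $computers is an assumed list; replace it with Get-ADComputer output or a file.
$computers = @('server01', 'server02')   # assumed hostnames

$results = foreach ($c in $computers) {
    try {
        # One CIM session per machine; Get-NetAdapter runs remotely through it.
        $session = New-CimSession -ComputerName $c -ErrorAction Stop
        Get-NetAdapter -Physical -CimSession $session |
            Select-Object @{ n = 'Computer'; e = { $c } },
                          Name, InterfaceDescription, MacAddress, Status
        Remove-CimSession -CimSession $session
    }
    catch {
        # Unreachable host, WinRM off, or no rights: report it and carry on.
        Write-Warning "Could not query ${c}: $($_.Exception.Message)"
    }
}

$results | Sort-Object Computer, Name | Format-Table -AutoSize
$results | Export-Csv -Path '.\mac-inventory.csv' -NoTypeInformation   # assumed output path
```

-Physical drops virtual and loopback adapters so the list only contains addresses you would actually see on the switch, which is what you want if the CSV is going to feed a NAC or asset inventory.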

Adding Printers with PowerShell


Adding printers is probably best done with Group Policy Preferences, but there may be a time when you want to do this with PowerShell, like when you want it done now or you are working in a workgroup.

I have found two ways of doing this.

The first:

$PrinterPath = "\\servername.example.local\printer_name"
$net = new-Object -com WScript.Network
$net.AddWindowsPrinterConnection($PrinterPath)

And the second way is:

Add-Printer -ConnectionName \\printServer\printerName

NAME
Add-Printer

SYNOPSIS
Adds a printer to the specified computer.

SYNTAX
Add-Printer [-ConnectionName] <String> [-AsJob] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]

Add-Printer [-Name] <String> [-DriverName] <String> [-AsJob] [-BranchOfficeOfflineLogSizeMB <UInt32>] [-CimSession
<CimSession[]>] [-Comment <String>] [-ComputerName <String>] [-Datatype <String>] [-DisableBranchOfficeLogging]
[-KeepPrintedJobs] [-Location <String>] [-PermissionSDDL <String>] [-PrintProcessor <String>] [-Priority <UInt32>]
[-Published] [-RenderingMode <RenderingModeEnum>] [-SeparatorPageFile <String>] [-Shared] [-ShareName <String>]
[-StartTime <UInt32>] [-ThrottleLimit <Int32>] [-UntilTime <UInt32>] -PortName <String> [-Confirm] [-WhatIf]
[<CommonParameters>]

Add-Printer [-Name] <String> [-AsJob] [-BranchOfficeOfflineLogSizeMB <UInt32>] [-CimSession <CimSession[]>]
[-Comment <String>] [-ComputerName <String>] [-Datatype <String>] [-DeviceURL <String>] [-DeviceUUID <String>]
[-DisableBranchOfficeLogging] [-KeepPrintedJobs] [-Location <String>] [-PermissionSDDL <String>] [-PrintProcessor
<String>] [-Priority <UInt32>] [-Published] [-RenderingMode <RenderingModeEnum>] [-SeparatorPageFile <String>]
[-Shared] [-ShareName <String>] [-StartTime <UInt32>] [-ThrottleLimit <Int32>] [-UntilTime <UInt32>] [-Confirm]
[-WhatIf] [<CommonParameters>]

DESCRIPTION
The Add-Printer cmdlet adds a printer to a specified computer. You can add both local printers and connections to
network-based printers.

You cannot use wildcard characters with Add-Printer. You can use Add-Printer in a Windows PowerShell remoting
session.

You do not need administrator privileges to use Add-Printer.
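As an added example (not code from the original post), this wraps the second method so it is safe to run repeatedly: it skips the connection if it is already installed, verifies the result with Get-Printer, and reports the failure cause if Add-Printer cannot connect. The UNC path is an assumption. One caveat to the "no administrator privileges" line above: connecting to a shared printer installs the server's driver through Point and Print, and since the August 2021 Point and Print hardening (the RestrictDriverInstallationToAdministrators policy value) a new driver install prompts for administrator credentials by default, so the cmdlet itself may not need elevation but the driver install can.

```powershell
# Added example, not from the original post: add a printer connection only if it is
# missing, then verify it. The UNC path is an assumption.
$connection = '\\printserver\Finance-MFP'   # assumed share

# For printer connections the printer's Name is the UNC path itself.
$existing = Get-Printer -Name $connection -ErrorAction SilentlyContinue
if ($existing) {
    Write-Output "$connection already installed (driver: $($existing.DriverName))"
}
else {
    try {
        Add-Printer -ConnectionName $connection -ErrorAction Stop
        $p = Get-Printer -Name $connection -ErrorAction Stop
        Write-Output "Added $connection using driver $($p.DriverName)"
    }
    catch {
        # Typical causes: print server unreachable, share name wrong, or the
        # Point and Print driver install was blocked for a non-administrator.
        Write-Error "Failed to add ${connection}: $($_.Exception.Message)"
    }
}
```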

Using Performance monitor


Performance Monitor can be opened by typing perfmon.msc or from the Tools menu in Server Manager.

Under Monitoring Tools you have Performance Monitor. By default it monitors CPU usage (% Processor Time) only, but you can add counters by pressing the green +.

Click on what you want to measure, then click Add.

It is common to use counters for Disk, CPU and Memory.

Collect the counters that you want and click OK.

To get a better view of a particular counter click on it and press Ctrl+H on your keyboard and it appears highlighted. This is useful because some of the counters are hard to see individually.

You can change the graph view by pressing the highlighted button. The choices are Line (the default), Histogram bar, and Report, which is good for showing actual values.

Performance Monitor is good for showing live values. For monitoring over a period of time it is better to use Data Collector Sets.

There are two types of Data Collector Sets: User Defined and System.

You can start a Data Collector Set by right clicking on it and clicking Start. Once it has run you can view the results from the Reports section.

Creating a user defined Data Collector Set

Right click User Defined > New > Data Collector Set.

Give it a name and choose to create it from a template or manually. I am doing it manually.

Click Add to add counters.

Select the counters that you want to measure and click OK.

Select a sample interval that suits your purpose and click Next.

Select where you want to keep the data and click Next.

You can choose who you want the set to run as, and you can choose to open the properties, run the collector set now, or just save it.

I would normally add a description here.

The Schedule tab allows you to create a schedule to run this collector set. You might want to run it at a particular time of day.

The Stop Condition tab determines how long you want to run this set, and the Task tab allows you to run a task like a script after the set finishes.

You can start it by right clicking and selecting Start. This should run for 45 seconds in line with the stop condition.

There is a visual indicator that it is running.

When it finishes you can view the report.
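The same collection can be done without the GUI. As an added example (not from the original post), the block below samples the usual CPU, Memory and Disk counters every 5 seconds for 45 seconds (9 samples, matching the 45 second stop condition above), summarises each counter, and saves the raw samples as a .blg file that Performance Monitor can open in Report view. The counter paths are standard Windows counters; the output path is an assumption.

```powershell
# Added example, not from the original post: a 45 second counter collection from
# PowerShell (Get-Counter / Export-Counter, Windows PowerShell 5.1).
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
    '\PhysicalDisk(_Total)\% Disk Time'
)

# 9 samples x 5 seconds = 45 seconds, the same as the stop condition in the GUI walk-through.
$samples = Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 9

# Each sample set holds one CounterSample per path; flatten and summarise per counter.
$summary = $samples.CounterSamples |
    Group-Object Path |
    ForEach-Object {
        $m = $_.Group | Measure-Object CookedValue -Average -Maximum -Minimum
        [pscustomobject]@{
            Counter = $_.Name
            Average = [math]::Round($m.Average, 2)
            Maximum = [math]::Round($m.Maximum, 2)
            Minimum = [math]::Round($m.Minimum, 2)
        }
    }

$summary | Format-Table -AutoSize

# Keep the raw samples in the same binary log format a Data Collector Set writes,
# so the run can be opened in Performance Monitor later.
$samples | Export-Counter -Path "$env:TEMP\baseline.blg" -FileFormat blg -Force   # assumed path
```

If you want the collection to persist and run on a schedule without the GUI, the logman command creates a real Data Collector Set from the same counter paths, for example logman create counter Baseline -c "\Processor(_Total)\% Processor Time" "\Memory\Available MBytes" -si 00:00:05 -rf 00:00:45 -o C:\PerfLogs\Baseline, followed by logman start Baseline.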

 

Using Task manager with Windows Server 2012 R2


Task Manager is a quick way of monitoring live information about what is going on with your machine in real time.

Task Manager can be opened in a number of ways; my favourite is to right click on the taskbar and select Task Manager. Taskmgr.exe also works, as does Ctrl+Shift+Esc.

By default it only shows open programs, but if you click More details you get a lot more information.

If you right click on an application you can end it or find out information about it (for example Open file location, Go to details and Properties).

The Performance tab shows live statistics about how many resources are being used on the computer. Resource Monitor, which can be opened from the bottom of this tab, gives an even more detailed view.

The Users tab shows who is logged on and what kind of resources they are using.

Details shows what processes are running and information about them, and Services shows information about the services, running and not running.

You can start and stop services here or open services.msc from here.
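As an added example (not from the original post), the block below produces the same per-user view as the Users tab from PowerShell, which is handy on a Server Core box or over a remoting session where there is no Task Manager. It groups every process by the account it runs as and sums CPU time and working set, and lists the process names so an unexpected process under a service account stands out. -IncludeUserName requires an elevated session.

```powershell
# Added example, not from the original post: Task Manager's Users tab in PowerShell.
# Get-Process -IncludeUserName needs an elevated (Run as administrator) session.
$byUser = Get-Process -IncludeUserName |
    Where-Object { $_.UserName } |                 # drop processes we cannot query
    Group-Object UserName |
    ForEach-Object {
        # CPU can be $null for protected processes; [double]$null is 0, so sum safely.
        $cpu = ($_.Group | ForEach-Object { [double]$_.CPU } | Measure-Object -Sum).Sum
        $mem = ($_.Group | ForEach-Object { [double]$_.WorkingSet64 } | Measure-Object -Sum).Sum
        [pscustomobject]@{
            User         = $_.Name
            Processes    = $_.Count
            CpuSeconds   = [math]::Round($cpu, 1)
            WorkingSetMB = [math]::Round($mem / 1MB, 1)
            Names        = ($_.Group.ProcessName | Sort-Object -Unique) -join ', '
        }
    } |
    Sort-Object WorkingSetMB -Descending

$byUser | Format-Table -AutoSize -Wrap
```

The Names column is the security-relevant part: the totals tell you who is using the machine, but a browser or scripting host running as a service account is the sort of thing you only notice when the process names are listed next to the user.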

 

Using Bitlocker to Encrypt a drive.


Start by adding the BitLocker feature in Server Manager (Add Roles and Features).

Select all the defaults until you get to Features, then tick BitLocker Drive Encryption (and BitLocker Network Unlock if you need it).

Accept all the defaults and click Install.

A restart is required.

When you restart, under System and Security in Control Panel there should be an option for BitLocker Drive Encryption.

This did not work on my AWS instance so I will come back to this later.
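As an added example (not from the original post), here is the same feature install from PowerShell, followed by the check a practitioner would want before enabling BitLocker on the system drive: whether the machine has a usable TPM. Virtual machines without a TPM are a common reason the TPM-based OS drive protector cannot be used; a data drive can still be protected with a recovery password. The drive letters are assumptions, and the BitLocker cmdlets only become available after the reboot the feature install requires.

```powershell
# Added example, not from the original post: install BitLocker from PowerShell and
# choose a key protector that the hardware can actually support. Drive letters assumed.

# Step 1 (before the reboot): install the feature. Add -Restart to reboot automatically.
Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools

# Step 2 (after the reboot): check for a TPM and protect a volume accordingly.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent -and $tpm.TpmReady) {
    # OS drive: TPM protector for unattended boot, plus a recovery password as the fallback.
    Enable-BitLocker -MountPoint 'C:' -EncryptionMethod Aes256 -TpmProtector -SkipHardwareTest
    Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
}
else {
    Write-Warning 'No usable TPM: the OS drive cannot use a TPM protector on this machine.'
    # Data drive: a recovery password protector needs no TPM.
    Enable-BitLocker -MountPoint 'D:' -EncryptionMethod Aes256 -RecoveryPasswordProtector
}

# What is protected, how, and how far encryption has got.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Whatever protector you end up with, save the recovery password somewhere other than the encrypted drive (Backup-BitLockerKeyProtector escrows it to Active Directory when the domain is configured for that); a volume whose only protector is a TPM is unrecoverable after a motherboard swap.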


Basic file and folder manipulation with linux


Here are some simple file and folder manipulation commands. For more information check out the man pages in your Linux distribution (man cp, man mv, and so on).

Be careful when manipulating files in Linux, because Linux will let you remove system files, including ones critical to the operating system, without any confirmation if you have the permissions to do so.

The cp command can be used to copy files

NAME

       cp - copy files and directories

SYNOPSIS

       cp [OPTION]... [-T] SOURCE DEST

       cp [OPTION]... SOURCE... DIRECTORY

       cp [OPTION]... -t DIRECTORY SOURCE...

DESCRIPTION

       Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.

The mv command is used to move files or rename them

NAME

       mv - move (rename) files

SYNOPSIS

       mv [OPTION]... [-T] SOURCE DEST

       mv [OPTION]... SOURCE... DIRECTORY

       mv [OPTION]... -t DIRECTORY SOURCE...

DESCRIPTION

       Rename SOURCE to DEST, or move SOURCE(s) to DIRECTORY.

The rm command removes files (rm -r also removes directories and everything in them, and rm -i asks before each removal)

NAME

       rm - remove files or directories

SYNOPSIS

       rm [OPTION]... FILE...

DESCRIPTION

       This manual page documents the GNU version of rm.  rm removes each

       specified file.  By default, it does not remove directories.

pwd shows the current working directory

ubuntu@ip-10-111-173-20:~$ pwd

/home/ubuntu

cat shows the content of a file

NAME

       cat - concatenate files and print on the standard output

SYNOPSIS

       cat [OPTION]... [FILE]...

DESCRIPTION

       Concatenate FILE(s), or standard input, to standard output.

The ls command is like dir in Windows

NAME

       ls - list directory contents

SYNOPSIS

       ls [OPTION]... [FILE]...

DESCRIPTION

       List information about the FILEs (the current directory by default).

       Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.

ls -l shows the permissions on a file. Permissions in Linux work like this: there are three groupings of letters, for the owner, the group and others. Each grouping has some or all of the letters rwx, which stand for Read, Write and eXecute; a - in a position means that permission is not granted. For example, -rw-r----- means the owner can read and write the file, members of the group can only read it, and everyone else cannot open it at all.

You change the permissions with the chmod command and you change the owner with the chown command.

You can create an empty file with the touch command.

 

NAME

       touch - change file timestamps

SYNOPSIS

       touch [OPTION]... FILE...

DESCRIPTION

       Update the access and modification times of each FILE to the current

       time.

       A FILE argument that does not exist is created empty, unless -c or -h

       is supplied.
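As an added example (not from the original post), the script below runs the commands above on a scratch directory it creates itself, includes a small helper that turns an octal chmod mode into the rwx string ls -l prints, and shows the two rm habits that matter most given the warning at the top of this section: using -- so a file whose name starts with a dash is not read as options, and guarding a variable in rm -rf with ${var:?} so an empty variable cannot turn the command into rm -rf /. It is plain POSIX sh; nothing in it is from the original page.

```shell
#!/bin/sh
# Added example, not from the original post: the basic file commands on a scratch
# directory, plus the rm habits that stop you deleting the wrong thing.
set -eu

# perm_string 750 -> rwxr-x---  (the nine permission characters ls -l would show)
perm_string() {
    octal=$1
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        digit=$(printf '%s' "$octal" | cut -c "$i")
        for bit in 4 2 1; do
            if [ $(( $digit & $bit )) -ne 0 ]; then
                case $bit in
                    4) out="${out}r" ;;
                    2) out="${out}w" ;;
                    1) out="${out}x" ;;
                esac
            else
                out="${out}-"
            fi
        done
        i=$(( i + 1 ))
    done
    printf '%s' "$out"
}

# mode_of FILE -> the nine permission characters ls -l reports for FILE
mode_of() {
    ls -ld "$1" | cut -c 2-10
}

# Create, copy, rename, chmod and remove files in a temporary directory, then
# print the mode ls reports for the chmod 640 file so the result can be checked.
walkthrough() {
    work=$(mktemp -d)
    cd "$work"
    touch notes.txt                 # create an empty file
    cp notes.txt notes.bak          # copy it
    mv notes.bak notes.old          # rename the copy
    chmod 640 notes.txt             # owner rw-, group r--, others ---
    chmod 700 .                     # nobody else can list or enter the directory
    touch -- -rf                    # a file literally named "-rf"
    rm -- -rf                       # "--" stops rm treating the name as options
    ls -l >&2                       # show the listing on stderr; stdout carries the result
    result=$(mode_of notes.txt)
    cd /
    # ${work:?} aborts if work is somehow empty, instead of turning
    # "rm -rf $work/" into "rm -rf /".
    rm -rf "${work:?}/"
    printf '%s\n' "$result"
}

walkthrough
```

Run it and compare the printed mode with perm_string 640: both give rw-r-----, which is exactly the owner/group/others reading described above.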

 

 

Using PowerShell to stop unnecessary processes


It is good practice to know what processes should be running on your computer.

The Get-Process command will show what processes are currently running on your computer.

If you work in a place that has an SOE (standard operating environment) it is a good idea to get a list of processes from a clean build before users and malware start installing rogue processes. Once you have this in place you can make a script like this one.

# Every process whose name is not filtered out here falls through to kill (Stop-Process).
Get-Process | where { $_.name -notlike "AgentMon" } |
where { $_.name -notlike "audiodg" } |
where { $_.name -notlike "avp" } |
where { $_.name -notlike "conhost" } |
where { $_.name -notlike "csrss" } |
where { $_.name -notlike "dwm" } |
where { $_.name -notlike "explorer" } |
where { $_.name -notlike "Idle" } |
where { $_.name -notlike "KaUsrTsk" } |
where { $_.name -notlike "LogonUI" } |
where { $_.name -notlike "lsass" } |
where { $_.name -notlike "lsm" } |
where { $_.name -notlike "Lua" } |
where { $_.name -notlike "powershell" } |
where { $_.name -notlike "rundll32" } |
where { $_.name -notlike "SearchFilterHost" } |
where { $_.name -notlike "SearchIndexer" } |
where { $_.name -notlike "SearchProtocolHost" } |
where { $_.name -notlike "services" } |
where { $_.name -notlike "smss" } |
where { $_.name -notlike "spoolsv" } |
where { $_.name -notlike "sppsvc" } |
where { $_.name -notlike "svchost" } |
where { $_.name -notlike "System" } |
where { $_.name -notlike "taskhost" } |
where { $_.name -notlike "VSSVC" } |
where { $_.name -notlike "wininit" } |
where { $_.name -notlike "winlogon" } |
where { $_.name -notlike "winvnc4" } |
where { $_.name -notlike "WmiPrvSE" } |
where { $_.name -notlike "WUDFHost" } | kill

This script passes all the processes not on the list through the pipeline, and whatever is left over it kills (kill is an alias for Stop-Process). Note that a pipeline line has to end with the | character; a line that starts with | is a syntax error in Windows PowerShell.

I have used this script on computers that are completely non responsive, and after running the script you can work on them and do some troubleshooting (or run your favourite anti-malware software). You can also run it without the kill at the end to find out what processes are running that should not be.

A good way to get a list of processes that should be running is

Get-Process | select -ExpandProperty processname | sort -Unique

I know this is a little bit manual, but you could use the CONCATENATE function in Excel to turn that list into the where clauses, then add Get-Process at the front and kill at the end.
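As an added example (not from the original post), the script below does the same job without the long chain of where clauses: the known-good names live in a text file, anything running that is not in the file is reported together with its path and Authenticode signature status, and processes are only stopped when -Kill is passed. The baseline path and script name are assumptions. A name-only baseline is weak on its own, since malware is happy to call itself svchost, which is why the Path and Signature columns are there.

```powershell
# Added example, not from the original post. Save as Check-Processes.ps1 (assumed name).
# First run on a clean build writes the baseline; later runs report and optionally kill.
param(
    [string]$Baseline = 'C:\SOE\process-baseline.txt',   # assumed location
    [switch]$Kill
)

if (-not (Test-Path $Baseline)) {
    # First run on a clean SOE build: record what is running and stop there.
    New-Item -ItemType Directory -Path (Split-Path $Baseline) -Force | Out-Null
    Get-Process | Select-Object -ExpandProperty ProcessName | Sort-Object -Unique | Set-Content $Baseline
    Write-Output "Baseline of $(@(Get-Content $Baseline).Count) process names written to $Baseline"
    return
}

# One name per line; blank lines and # comments are ignored.
$known = Get-Content $Baseline | Where-Object { $_ -and $_ -notmatch '^\s*#' }

# Never stop these, even if the baseline is wrong: Windows (or this shell) dies without them.
$protected = 'System', 'Idle', 'csrss', 'smss', 'wininit', 'winlogon', 'services', 'lsass', 'powershell'

$unexpected = Get-Process |
    Where-Object { $_.ProcessName -notin $known -and $_.ProcessName -notin $protected } |
    Select-Object Id, ProcessName, Path,
        @{ n = 'Signature'; e = {
            if ($_.Path) { (Get-AuthenticodeSignature -FilePath $_.Path).Status } else { 'no path' } } }

if (-not $unexpected) {
    Write-Output 'Nothing running outside the baseline.'
    return
}

$unexpected | Format-Table -AutoSize

if ($Kill) {
    foreach ($p in $unexpected) {
        Write-Output "Stopping $($p.ProcessName) (PID $($p.Id))"
        Stop-Process -Id $p.Id -Force -ErrorAction Continue
    }
}
```

Run .\Check-Processes.ps1 once on a clean build to create the baseline, then .\Check-Processes.ps1 on a suspect machine to see what is extra, and .\Check-Processes.ps1 -Kill only once you have looked at the list. A NotSigned or HashMismatch entry in the Signature column is worth copying off the machine before you stop it.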