The homelab was in dire need of an upgrade recently and I landed on some Supermicro X10 motherboards. The 2U case I selected came with some built-in 80mm fans which had a max of 2000 RPM. During initial boot the fans would cycle between idle and max speed. I could see in the IPMI dash […]
Welly, well, well…when in need of a TFTP server why not build your own, leave SELinux enabled, create a custom repo, fight against SELinux, find some help on the internets, and end up spending up way too much time on what was supposed to be a quick task. I’m sure this page will get four […]
Take a domain running multiple versions of Windows domain controllers across multiple AD sites and replicating just fine, add Server 2019 as a DC to the mix, and what do you get? Say it with me now “DCs mostly replicating just fine but KCC re-evaluated connections and one DC is now spamming event 1645 and […]
So you’ve combed through 7 year old TechNet forum posts, cursed the limitations of Event Log Readers group when trying to use Get-WinEvent, and then tried to decipher SDDL to no avail. A treatment for all those woes:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
function Add-EventLogAccess { [cmdletbinding(supportsshouldprocess=$true)] param( [ValidateScript({Get-ADObject -ld "(samaccountname=$_)"})] [string]$Identity, [ValidateSet('Application','Security','System')] [string]$LogName, [ValidateSet('RO','RW')] [string]$Permission ) try{ #get original permissions in SDDL format $origValue = ((wevtutil.exe gl $LogName | ? {$_ -match '^channelAccess'}) -split ': ')[-1].trim() #create new SDDL syntax switch($Permission){ 'RO' {$PermissionHex = '0x1'} 'RW' {$PermissionHex = '0x3'} } $ADsid = (Get-ADObject -ld "(samaccountname=$Identity)" -prop ObjectSid).ObjectSid.Value if($origValue -match $ADsid){write-host "$ADsid already set in SDDL, manual inspection required`nCurrent Value: $origValue" -f yellow; return} $newValue = "$origValue(A;;$PermissionHex;;;$ADsid)” write-host "CustomSD original value: $origValue" write-host "CustomSD new value: $newValue" $Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$logName" if($PSCmdlet.ShouldProcess("$logname log with value $newValue","Set-ItemProperty")){ #NOTE removing customSD allows channelaccess to return to default, verified with wevutil.exe gl $LogName Set-ItemProperty -Path $path -Name 'CustomSD' -Value $newValue -Type string -ErrorAction Stop -Force $regACL = Get-Acl $Path if($regacl.Access | ? {$_.identityreference -like "*$Identity" -and $_.RegistryRights -eq 'ReadKey' -and $_.AccessControlType -eq 'Allow'}){ write-host "`n$Identity already has ability to read $Path" -f Yellow } else{ write-host "`nAdd $Identity permission to $path" -f Green $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Identity,'ReadKey','ContainerInherit,ObjectInherit','None','Allow') $regACL.AddAccessRule($rule) Set-Acl -AclObject $regACL -Path $regACL.Path -ErrorAction Stop } } } catch{ throw $_ } } Add-EventLogAccess -Identity 'MY_AD_GROUP' -LogName Security -Permission RO |
The basic gist here is that the CustomSD registry value will contain your new permissions and […]
So the shiny and new Windows 10 v1809 has RSAT available as features on demand you can install simply using Add-WindowsCapability. Great! Unfortunately for me somewhere along the line my Windows 10 system, which had the 1803 RSAT tools installed, obtained standard Windows updates and the RSAT options were removed from Windows Features menu. I […]
I found that the latest version of PowerCLI 10 ran fine in 32-bit mode but VS Code, Powershell ISE, or Powershell console in 64-bit mode were unable to load the module. I would get the following errors when trying to import the newly installed module: Could not load file or assembly ‘log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=692fbea5521e1304’ […]
I found RDS cmdlets a tad annoying since you must specify the single “ActiveManagementServer” name instead of the HA connection broker name. If you omit the connection broker value you may see “A Remote Desktop Services deployment does not exist on server.contoso.com. This operation can be performed after creating a deployment. For information about creating […]
Trying to get at that sweet esxi 6.7 ISO and your manual download button does absolutely nothing? I found https://communities.vmware.com/thread/518378 and since my pfSense DNSBL feed contains PiHole lists I wanted to do some further digging. Running tail -f /var/log/pfblockerng/dnsbl.log while refreshing the download page reveled the following domain block: tags.tiqcdn.com Then a grep -r 'tiqcdn' /var/db/pfblockerng/dnsbl/* showed the domain in […]
I installed oVirt a little over a year ago for the first time and everything went as planned except I didn’t RTFM closely enough to realize the self hosted engine required it’s own storage domain. So with that bit of info I wanted to give it another go – which resulted in multiple installation problems […]
This post will be an onging update to my Arch install on an aging HP ultrabook and primarily for my own reference. It could be helpful to others but I’d highly recommend running through a vanilla Arch install in virtualbox a few times to get an idea of the entire process vs relying on this […]