Aaron
·
August 12, 2023
·
Microsoft, Scripting, Uncategorized
·
Active Directory, AD password reset, Automation, checking password changes, how to check if a user changed their password, how to check if a user has change their password, how to use powershell to check a users password change, IT Admin, Last Login, password reset times, powershell, powershell scripting, simple powershell checking users password, Techtips, User management, Wordpressit
Let’s query Active Directory using PowerShell to determine the last time a user reset or changed their password. I will use the ‘Get-ADUser’ cmdlet to retrieve user properties and the ‘Get-ADUserResultantPasswordPolicy’ for password last set information. I have documented the script; you will find it below.
# Ensure ActiveDirectory module is imported
Import-Module ActiveDirectory
# Define the user you want to check
$user = "username" # replace 'username' with the actual username
# Retrieve user info (PasswordLastSet is returned by Get-ADUser itself)
$userInfo = Get-ADUser -Identity $user -Properties PasswordLastSet, LastLogon, LastLogonTimestamp
# Convert LastLogonTimestamp to datetime. Unlike LastLogon it is replicated
# between domain controllers, but it can lag behind the real last logon.
# It is empty for an account that has never logged on, so guard against that.
if ($userInfo.LastLogonTimestamp) {
    $lastLogonDate = [DateTime]::FromFileTime($userInfo.LastLogonTimestamp)
} else {
    $lastLogonDate = "Never"
}
# Display information
Write-Output "User: $($userInfo.SamAccountName)"
Write-Output "Password Last Set: $($userInfo.PasswordLastSet)"
Write-Output "Last Login Time: $lastLogonDate"
Below you will find an example output. I hope this helps, and feel free to add to, export, or change this as needed.
User: username
Password Last Set: 05/02/2023 16:04:44
Last Login Time: 05/02/2023 16:16:10
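The same two properties can be turned into a per-account report of password age and whether the user has logged on since the change. This is an added example, not part of the original post; the function name, the 90-day threshold and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the original post). Input objects need the properties
# returned by: Get-ADUser -Properties PasswordLastSet, LastLogonTimestamp
function Get-PasswordChangeReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $MaxAgeDays = 90,            # assumed threshold; match your policy
        [datetime] $Now = (Get-Date)
    )
    process {
        # PasswordLastSet is empty when the account must change password at next logon
        $pls = $User.PasswordLastSet
        # LastLogonTimestamp is a FILETIME integer; empty or 0 means no recorded logon
        $logon = $null
        if ($User.LastLogonTimestamp) {
            $logon = [DateTime]::FromFileTime([int64]$User.LastLogonTimestamp)
        }
        $ageDays = $null
        $status  = 'MustChangeAtNextLogon'
        if ($pls) {
            $ageDays = [int][math]::Floor(($Now - $pls).TotalDays)
            $status  = if ($ageDays -gt $MaxAgeDays) { 'Stale' } else { 'Current' }
        }
        [pscustomobject]@{
            SamAccountName      = $User.SamAccountName
            PasswordLastSet     = $pls
            PasswordAgeDays     = $ageDays
            LastLogon           = $logon
            # LastLogonTimestamp can lag by up to about 14 days, so $false is not proof
            LoggedOnSinceChange = [bool]($pls -and $logon -and ($logon -gt $pls))
            Status              = $status
        }
    }
}

# Constructed sample accounts (hypothetical names), standing in for Get-ADUser output
$now = [datetime]'2023-08-12T00:00:00'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; PasswordLastSet = [datetime]'2023-05-02T16:04:44'
        LastLogonTimestamp = ([datetime]'2023-05-02T16:16:10').ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'bob'; PasswordLastSet = $null
        LastLogonTimestamp = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; PasswordLastSet = [datetime]'2023-07-20T09:00:00'
        LastLogonTimestamp = ([datetime]'2023-07-10T08:30:00').ToFileTime() }
)
$sample | Get-PasswordChangeReport -Now $now | Format-Table -AutoSize
```

Against a live domain, pipe `Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, LastLogonTimestamp` into the function instead of `$sample`.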
Aaron
·
July 25, 2023
·
Microsoft
·
exporting a HV VM, exporting a hyper-v vm unreal-labs, host to export a hyper-v vm, how to export a vm, Hyper-V, Hyperv, Microsoft, steps to export a hyper-v vm, steps to export a vm, unreal-labs, what are the steps to export a hyperv vm, what files are exported from a hyperv vm
- Open Hyper-V Manager: Go to the start menu, search for “Hyper-V Manager,” and launch it.
- Select the VM: In the left-hand pane, locate the virtual machine you would like to export. Right-click it to open the context menu, then click “Export”.
- Choose the Export Path: In the “Export Virtual Machine” wizard, you’ll be prompted to select an export path. Choose a location where you want to save the exported VM, preferably on a drive with sufficient space!
- Choose Export Options: In this step, you will have the option to choose whether you want to export the VM’s snapshots as well. You can choose to export all snapshots or just the running state. Select the appropriate option based on your needs and click “Next”.
- Complete the Export: Review the settings on the summary page and click “Finish” to begin the export.
- Monitor the Export Progress: The export process may take some time depending on the size of the VM and its associated files. You will want to monitor the progress through the Hyper-V Manager.
Once the export is completed, you will have a copy of the VM in the folder you specified. This exported VM can be imported into another Hyper-V host or it could serve as a backup of the original VM.
The export of the VM only creates a copy of the virtual machine configuration and its associated files. It does not remove or affect the original VM in any way. Thanks again for reading this far, I hope this article answered some of your questions.
Aaron
·
July 5, 2023
·
Microsoft, CMD, Microsoft, Wireshark
·
cmd traffic capture, cmd tshark, cmd wireshark, command line wireshark, how to use tshark, Network monitoring, Open source tools, Packet sniffing, Running wireshark from the cmd line, tcpdump, Traffic capture, tshark, tshark -i Ethernet, tshark from the cmd, unreal-labs, wireshark cmd
TShark is a command-line tool that comes bundled with Wireshark. It provides similar functionality to Wireshark but without the GUI. Below are some options for running TShark.
Make sure to add the Wireshark directory to your %Path% or run the command from the Wireshark folder under “Program Files”.
Basic TShark command:
tshark
To select an interface if you have more than one:
tshark -i <interface_name>
Capture packets to a file:
tshark -i <interface_name> -w captured.pcap
This command captures packets and saves them to the specified file “captured.pcap”.
Read a Capture File:
tshark -r captured.pcap
This command reads the captured file “captured.pcap” and displays the packet information.
Filtering Packets:
You can apply display filters in TShark to view specific packets. Use the ‘-Y’ option followed by the filter expression.
tshark -r captured.pcap -Y "expression"
Replace “expression” with the desired filter such as “ip.addr == 192.168.0.1” to filter packets with a specific IP address.
Display summary information:
TShark can also display summary information about captured packets. Use the ‘-z’ option followed by the summary type.
tshark -r captured.pcap -z "summary"
Replace “summary” with the desired summary type, such as ‘io,phs’ for the I/O and protocol hierarchy summary.
I will be adding more articles about Wireshark/TShark in the coming weeks, please stay tuned.
Aaron
·
June 24, 2023
·
Microsoft, CMD, Microsoft, robocopy
·
checking if destination exists before using robocopy to copy files, Checking if source and destination exist in robocopy script, how to use robocopy with powershell, PowerShell and Robocopy, Powershell using robocopy, robocopy, script for copying files and then sending and email, sending and email with powershell, Using powershell to copy files and then send and email
Here is a basic script (a batch file that calls PowerShell) to copy files, which also checks that the source and destination locations exist. PowerShell will then send an email if the Robocopy process completed successfully.
Example:
@echo off
set "source=C:\SourceFolder"
set "destination=\\RemoteServer\SharedFolder"
set "smtpServer=smtp.example.com"
set "sender=sender@example.com"
set "recipient=recipient@example.com"
REM Check if source folder exists
if not exist "%source%" (
echo Source folder does not exist.
exit /b
)
REM Check if destination folder exists
if not exist "%destination%" (
echo Destination folder does not exist.
exit /b
)
REM Check if destination is accessible
dir "%destination%" >nul 2>&1
if not %errorlevel%==0 (
echo Destination folder is not accessible.
exit /b
)
REM Perform the copy operation
robocopy "%source%" "%destination%" /E /COPYALL /R:3 /W:10 /MT
REM Check Robocopy exit code (0-7 mean no failed copies; 8 or higher means an error)
if %errorlevel% GEQ 8 (
echo Robocopy encountered an error.
exit /b 1
)
REM Send email notification through the SMTP server defined above
powershell.exe -ExecutionPolicy Bypass -Command "Send-MailMessage -SmtpServer '%smtpServer%' -From '%sender%' -To '%recipient%' -Subject 'Robocopy Complete' -Body 'Robocopy operation completed successfully.'"
exit /b
Let’s break down some of the variables in the script:
- ‘source’: Path of the local source folder.
- ‘destination’: Path of the remote destination folder.
- ‘smtpServer’: SMTP server address for sending email.
- ‘sender’: Email address of the sender.
- ‘recipient’: Email address of the recipient.
So, after the Robocopy operation finishes, the script checks the Robocopy exit code. If the exit code is a success, the script will proceed to send an email using the PowerShell ‘Send-MailMessage’ cmdlet. Please feel free to customize it; you also might need to add variables for the mail port and possibly the username and password of the email sender.
You may also need to adjust the execution policy of PowerShell (‘Set-ExecutionPolicy Unrestricted’) if needed. The script already passes ‘-ExecutionPolicy Bypass’ for this single powershell.exe call.
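Robocopy's exit code is a bit mask, and only values of 8 or higher mean that something failed, so a plain "not zero" test misreads a successful copy. The decoder below is an added example, not part of the original post; the function name is hypothetical and the exit codes fed to it are constructed.

```powershell
# Added example (not from the original post): decode a robocopy exit code.
function ConvertFrom-RobocopyExitCode {
    param([Parameter(Mandatory)][int] $ExitCode)

    # Each bit of the exit code reports one condition
    $bits = @(
        @{ Bit = 1;  Text = 'Files were copied' }
        @{ Bit = 2;  Text = 'Extra files or directories exist in the destination' }
        @{ Bit = 4;  Text = 'Mismatched files or directories were found' }
        @{ Bit = 8;  Text = 'Some files or directories could not be copied' }
        @{ Bit = 16; Text = 'Fatal error, no files were copied' }
    )
    $meaning = @($bits |
        Where-Object { $ExitCode -band $_.Bit } |
        ForEach-Object { $_.Text })
    if ($ExitCode -eq 0) {
        $meaning = @('Nothing to copy, source and destination already match')
    }

    [pscustomobject]@{
        ExitCode = $ExitCode
        Success  = ($ExitCode -lt 8)     # bits 8 and 16 are the failure bits
        Meaning  = $meaning -join '; '
    }
}

# Constructed exit codes covering the success and failure cases
0, 1, 3, 8, 9, 16 | ForEach-Object { ConvertFrom-RobocopyExitCode $_ } |
    Format-Table -AutoSize -Wrap

# After a real copy, decide on the notification from the decoded result:
#   robocopy $source $destination /E /COPYALL /R:3 /W:10 /MT
#   $result = ConvertFrom-RobocopyExitCode $LASTEXITCODE
#   if (-not $result.Success) { Write-Error $result.Meaning; exit 1 }
```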
Aaron
·
June 22, 2023
·
Microsoft, robocopy
·
Coping files without deletion, Fast script for coping files to a remote location, Fun with robocopy, how to use robocopy, robocopy, unreal-labs, www.unreal-labs.com
Today I am going to provide an example of a Robocopy script I use to copy files, retain security and attributes, and provide multi-threaded copying for improved performance.
Script:
robocopy <source> <destination> /E /COPYALL /R:1 /W:5 /MT
Let’s break down the options used in this command.
- <source>: The path to the source directory you want to copy from.
- <destination>: The path to the destination directory you want to copy to.
Options used:
- /E : Copies all subdirectories, including empty ones
- /COPYALL : Copies all file information, including timestamps, Security Attributes and ownership.
- /R:1 : Specifies the number of retries on failed copies (1 in this example)
- /W:5 : Specifies the wait time between retries in seconds (5 seconds in this example)
- /MT : Enables multi-threaded copying, which improves performance by utilizing multiple threads.
Example:
robocopy C:\DataFiles \\RemoteServer\SharedFolder /E /COPYALL /R:1 /W:5 /MT
In this example, all files and subdirectories from ‘C:\DataFiles’ will be copied to the remote location on another server ‘\\RemoteServer\SharedFolder’ without deleting any files. I hope this example helps someone that needs a quick script to copy files to a local or remote location using a fast copy method. You can speed the copy up if you remove /R:1 and /W:5; robocopy will just skip over files that are locked or cannot be copied.
Aaron
·
June 20, 2023
·
Microsoft, CMD, Microsoft, robocopy, Uncategorized
·
Copying files using the command prompt, copying lots of files, How to copy files, how to really copy files, Network file copy, robocopy, unreal-labs, using powershell to copy files, using robocopy to copy files
Robocopy (Robust File Copy) is a powerful command-line tool in Windows used for advanced file and folder copying operations. Robocopy provides more control and flexibility compared to copy commands like ‘copy’ or ‘xcopy’. Robocopy is really useful for tasks such as mirroring directories, backing up files, or syncing files/folders between different locations. I will provide you with some basic examples on how to use Robocopy today.
Basic Robocopy command:
robocopy <source> <destination>
This command copies files and sub-directories from the source directory to the destination directory.
Example:
robocopy C:\SourceFolder D:\DestinationFolder
This command copies all files and sub-directories from ‘C:\SourceFolder’ to ‘D:\DestinationFolder’
Mirror a directory:
robocopy <source> <destination> /MIR
The ‘/MIR’ option mirrors the source directory to the destination directory, which means it copies files and sub-directories and also removes any files or directories in the destination that no longer exist in the source.
Example:
robocopy C:\SourceFolder D:\DestinationFolder /MIR
This command mirrors ‘C:\SourceFolder’ to ‘D:\DestinationFolder’, copying any new or changed files and deleting any files or directories in the destination that don’t exist in the source.
Copy files in restartable mode:
robocopy <source> <destination> /Z
The ‘/Z’ option enables restartable mode, which allows the copying process to resume from the point where it was interrupted.
Example:
robocopy C:\SourceFolder D:\DestinationFolder /Z
Like the examples above this command copies files from ‘C:\SourceFolder’ to ‘D:\DestinationFolder’ but this time it’s in a restartable mode.
The last example for today is how to copy just the new or changed files, which will prevent newer files in the destination directory from being overwritten. Only files that are newer, or that don’t yet exist in the destination folder, are copied.
Copy only new or changed files:
robocopy C:\SourceFolder D:\DestinationFolder /XO
I will start adding some advanced methods I use Robocopy for in a production environment, but this tool is just so handy for even backing up personal computers to a NAS or other storage device. Thanks for reading and have a wonderful day!
Aaron
·
June 20, 2023
·
Microsoft, CMD, Microsoft
·
CMD, cmd prompt, Desktop tips, how to map network drives on Windows, Mapping drives, mapping drives the easy way, mapping network drives, powershell, unreal-labs, Windows 10 drive mapping
Here are three methods specifically for mapping a network drive on a Windows machine.
Using File Explorer
- Open File Explorer by pressing Win + E.
- Click on “This PC” in the left sidebar.
- In the top menu, click on “Map Network Drive”.
- Choose a drive letter from the drop down menu.
- In the “Folder” field, enter the network path of the shared folder you want to map.
- Check the box “Reconnect at sign-in” if you want the mapped drive to reconnect after you reboot the computer.
- Click “Finish” to complete the drive mapping.
Command Prompt:
- Open Command Prompt by pressing Win + R, typing “cmd” and pressing Enter.
- In the Command Prompt window, type the following command and press Enter.
net use <drive-letter>: \\server\sharedfolder
Replace <drive-letter> with the letter you want to assign to the network drive (e.g., Z:), and \\server\sharedfolder with the actual network path.
- If prompted, provide the username and password for the network location.
- The network drive should now be mapped and accessible through the drive letter you have chosen.
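PowerShell:
- Open PowerShell by pressing Win + X and selecting “Windows PowerShell” or “Windows PowerShell (Admin).”
- In the PowerShell window, type the following command and press Enter.
New-PSDrive -Name <drive-letter> -PSProvider FileSystem -Root \\server\sharedfolder -Persist
Replace <drive-letter> with the letter only, without the colon (e.g., Z). The -Persist switch makes this a Windows mapped network drive that shows up in File Explorer; without it, the drive exists only inside the current PowerShell session.
- If prompted, provide the username and password for the network location.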
- The network drive should now be mapped and available through the drive letter you have chosen.
I have provided you with some ways of mapping a network drive on a Windows system, but remember to replace \\server\sharedfolder with the actual network path you would like to map.
Aaron
·
September 11, 2020
·
Microsoft
·
mapped drives, mountvol, net use, netuse, smb, smb 1.0, unmount mapped drive, Using mountvol, What is mountvol, Windows 10 drive mapping issues
I ran into some issues with the latest Windows 10 update 2004. It was causing their file browser to freeze when opening. I tried multiple times to unmount using “Net use ‘drive/unc’ /delete /y”. So I finally ran across an article about using MOUNTVOL to remove volume mount point directories and registry settings. It worked like a charm, so I figured I would post this.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
    path        specifies the existing NTFS directory where the mount
                point will reside.
    VolumeName  Specifies the volume name that is the target of the mount
                point.
    /D          Removes the volume mount point from the specified directory.
    /L          Lists the mounted volume name for the specified directory.
    /P          Removes the volume mount point from the specified directory,
                dismounts the volume, and makes the volume not mountable.
                You can make the volume mountable again by creating a volume
                mount point.
    /R          Removes volume mount point directories and registry settings
                for volumes that are no longer in the system.
    /N          Disables automatic mounting of new volumes.
    /E          Re-enables automatic mounting of new volumes.