Bonjour for MacOS Terminal

Every once in a while, you find something new (to you) that you want to save. Apparently the terminal app in MacOS Sierra (and OS X before) has a basic connection manager which will allow you to look for the Bonjour/avahi clients on the network to which terminal can connect.

If you are looking for something that keeps track of servers/connections via a GUI, Terminal.app will already do that for you. Launch it and then from the menu select Shell > New Remote Connection. This will give you a connections manager window.

http://apple.stackexchange.com/questions/52096/is-there-a-gui-ssh-client-for-os-x

A simple logging function

This is a very simple logging function that I use in quite a bit of my code. I used to write logging information to a variable, and the wrote the variable to a file at the end of the script, but this doesn’t work well if you abort the script while processing (Ctrl-C) or if the script fails before it finishes due to an unforeseen error.

So, this function was born. Note that it doesn’t have a lot of error checking – you should check to make sure that the log file location is writable BEFORE calling the function (it will create the file if it doesn’t exist, but only if it can write to that location).

I usually call it like this (with a sortable timestamp):

$timeStamp = (Get-Date -Format s).Replace(':', '-')
$LogFile = ".\someLogFileName-$($timeStamp).log"

Note that I’m modifying the ‘sortable’ time/date format to remove the colon since you can’t have a colon in a file name.
As I have it above, it writes the log file to the current directory – but you can specify any valid filespec.

Comparing AD group membership for two or more users (role-based security)

This one builds a dynamic array in two dimensions. It first iterates through all of the users, identifying all of the unique AD groups that contain at least one of the users. It then builds the array dynamically, for each group identifying which of the users are a member of the group.
The end output is a table of all of the group memberships in a format where a manager can easily compare group memberships for multiple people with given roles to make sure that they all have the appropriate security memberships.
The use case here is primarily for transitioning from ad-hoc security memberships to role-based security memberships.

As before, this works very well with the excellent ImportExcel module mentioned in the Scripting Guys blog, and available from the PowerShell Gallery.

You would use a command line like this:
.\Get-UserGroupMatrix.ps1 -SamAccountName user1,user2,user3 | Export-Excel -path c:\temp\groupreport-role.xlsx -TableName role -TableStyle Medium13 -AutoSize

Finding the sizes for subfolders in a parent folder

I came up with this to find the sizes of each subfolder (one level) in a parent folder. The primary use case is figuring out which users are using excessive amounts of space in their personal folders on a network share, but it’s not limited to that.
This will end up with data suitable for discussing with people (because most of the GUI tools give me pretty pictures, but aren’t really designed for sharing the results with your line manager or the individual users when you have the conversation about cleaning house).

It will report the size both in bytes (for sorting) and in GB/MB/KB/bytes (for ease of communicating), and will also identify the single largest file in each of the subfolders. Useful for when someone has zipped up their entire user folder on their computer and uploaded it to their personal folder…

Note that this works very well with the excellent ImportExcel module mentioned in the Scripting Guys blog, and available from the PowerShell Gallery.

In this case, you would use a command line like this:
.\Get-FolderSize.ps1 -path \\Server\Share\Path | Export-Excel -path c:\temp\pathreport.xlsx -TableName path -TableStyle Medium13 -AutoSize

Automated clean up after malware infection

We recently had an encounter with malware eventually identified as TrojanDownloader:Win32/Skidlo.AC. Unfortunately, the anti-malware didn’t identify it until the next day (and then not until I’d submitted a sample of one of the payloads). It went through several server directories, and in each it changed the subdirectories to hidden SIDs and then put in shortcut files which pointed to the payload (with a reference to the renamed folder).  This was enough for me to write a PowerShell script which was able to undo the damage (I manually nuked the hidden “$RECYCLE.BIN.randomnumber” folder that contained the payload).  We use Varonis DatAdvantage, so I was easily able to see which folders were affected and determine that the extent of the damage.  Luckily, no actual file contents were affected – it only affected the folders.

The code iterates through all of the files with a .lnk extension in a specified folder, and if the shortcut ‘s arguments include the text ‘$RECYCLE.BIN’, then it processes the shortcut.  It renames and unhides the folder for each, and then deletes the shortcut.

Hello, World!

I’m going to start working on publishing some of my non-specific Powershell snippets here, both so I can keep track of them and so others can find them.