Search an offline Windows event/application log quickly

October 22, 2014
get-winevent -FilterHashTable @{path="pathto:\dc4secevent.evtx";logname='Security';ID=628}
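Generalising the one-liner above, here is an added example (not code from the original post) that searches one or more saved .evtx files for a list of event IDs, optionally inside a time window, and flattens each event's EventData into named columns so the hits can be filtered or exported. The file path, the 30-day window and the CSV path in the usage line are assumptions for illustration.

```powershell
# Added example (not code from the original post): search offline .evtx files for
# a list of event IDs, optionally within a time window, and flatten each event's
# EventData into named columns so the hits can be filtered or exported.
# The file path, IDs and time window in the usage line are assumptions.
function Search-OfflineEvtx {
    param(
        [Parameter(Mandatory)] [string[]] $Path,   # one or more saved .evtx files
        [Parameter(Mandatory)] [int[]]    $Id,     # event IDs to match
        [datetime] $StartTime,
        [datetime] $EndTime
    )

    # Path takes the place of LogName for a saved log; Id/StartTime/EndTime are
    # applied by the log reader itself, far faster than piping through Where-Object.
    $filter = @{ Path = $Path; Id = $Id }
    if ($PSBoundParameters.ContainsKey('StartTime')) { $filter.StartTime = $StartTime }
    if ($PSBoundParameters.ContainsKey('EndTime'))   { $filter.EndTime   = $EndTime }

    # Get-WinEvent raises a non-terminating "No events were found" error on an
    # empty result; silence it so a clean miss simply returns nothing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $row = [ordered]@{
            TimeCreated = $_.TimeCreated
            Id          = $_.Id
            RecordId    = $_.RecordId
            Computer    = $_.MachineName
        }
        # The named EventData fields (account names, logon types, ...) are only
        # reachable through the event XML; copy each <Data Name="..."> into the row.
        $xml = [xml]$_.ToXml()
        foreach ($d in $xml.Event.EventData.Data) {
            if ($d.Name) { $row[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$row
    }
}

# Usage (assumed path and window): pull the post's event ID from a copied DC log
# and write the flattened rows out for further filtering.
Search-OfflineEvtx -Path 'C:\cases\dc4secevent.evtx' -Id 628 -StartTime (Get-Date).AddDays(-30) |
    Export-Csv -Path 'C:\cases\dc4-628.csv' -NoTypeInformation
```

Because the filtering happens inside the event log reader, a multi-gigabyte Security log is scanned in seconds rather than the minutes a `Where-Object` pass over every event would take; the flattened EventData columns are what you then pivot on (target account, caller, workstation) during an investigation.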

Apply auto-approval rules to new classifications in WSUS

October 17, 2014

Okay, so not exactly what the title says, but you can use PowerShell to approve updates that match a classification, OS and/or product in the same way your auto-approval rules do (you will have to know what those rules are, since the script does not read them).

You can use Where-Object to select which Microsoft.UpdateServices.Commands.WsusUpdate objects to pipe into Approve-WsusUpdate, as follows.

This makes approving every update for a newly selected product or OS much easier than going through the GUI and manually approving each one for Install.

Here is an example of approving all updates for Windows Server 2012 (any product whose name matches *2012*), with -WhatIf so nothing is approved until you drop it:

Import-Module UpdateServices
# Critical and Security updates that nobody has approved yet and that at least one client reports as needed or failed, for every product containing "2012":
Get-WsusUpdate -Classification Critical -Approval Unapproved -Status FailedOrNeeded | Where-Object { $_.Products -like "*2012*" } | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" -WhatIf
Get-WsusUpdate -Classification Security -Approval Unapproved -Status FailedOrNeeded | Where-Object { $_.Products -like "*2012*" } | Approve-WsusUpdate -Action Install -TargetGroupName "All Computers" -WhatIf
# -Classification only accepts All, Critical, Security and WSUS, so the plain "Updates" classification is fetched with All and filtered on the Classification property:
Get-WsusUpdate -Classification All -Approval Unapproved -Status FailedOrNeeded | Where-Object { $_.Products -like "*2012*" -and $_.Classification -eq "Updates" } | Approve-WsusUpdate -Action Install -TargetGroupName "Servers" -WhatIf

Can't find much documentation on the Microsoft.UpdateServices.Commands.WsusUpdate class, so here are its properties (from Get-Member) that you can filter on: -like or -eq for the string ones, -contains or -like for the StringCollection ones, as the type of each dictates:

Approved                           Property   string Approved {get;}
Classification                     Property   string Classification {get;}
ComputersInstalledOrNotApplicable  Property   int ComputersInstalledOrNotApplicable {get;}
ComputersNeedingThisUpdate         Property   int ComputersNeedingThisUpdate {get;}
ComputersWithErrors                Property   int ComputersWithErrors {get;}
ComputersWithNoStatus              Property   int ComputersWithNoStatus {get;}
InstalledOrNotApplicablePercentage Property   int InstalledOrNotApplicablePercentage {get;}
LanguagesSupported                 Property   System.Collections.Specialized.StringCollection LanguagesSupported {get;}
LicenseAgreement                   Property   string LicenseAgreement {get;}
MsrcNumbers                        Property   System.Collections.Specialized.StringCollection MsrcNumbers {get;}
MustBeInstalledExclusively         Property   bool MustBeInstalledExclusively {get;}
Products                           Property   System.Collections.Specialized.StringCollection Products {get;}
Removable                          Property   bool Removable {get;}
RestartBehavior                    Property   string RestartBehavior {get;}
Update                             Property   Microsoft.UpdateServices.Administration.IUpdate Update {get;}
UpdateId                           Property   string UpdateId {get;}
UpdatesSupersededByThisUpdate      Property   System.Collections.Specialized.StringCollection UpdatesSupersededByThisUpdate {get;}
UpdatesSupersedingThisUpdate       Property   System.Collections.Specialized.StringCollection UpdatesSupersedingThisUpdate {get;}
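Putting the three one-liners and the property list together, here is an added example (not code from the original post) that drives the same approvals from a small rule table, prints what each rule would approve, and skips updates that a newer update already supersedes (using the UpdatesSupersedingThisUpdate property listed above). The rule values, product pattern and target group names are assumptions; substitute your own auto-approval rules.

```powershell
# Added example (not code from the original post): apply a small table of
# auto-approval-style rules with the UpdateServices module, listing what each
# rule would approve before doing it. The rule values (product pattern, target
# group names) are assumptions; substitute your own rules.
Import-Module UpdateServices

# One entry per GUI auto-approval rule: classification to fetch, product name
# pattern, and the computer group that gets the Install approval.
# ClassificationName is only needed for classifications Get-WsusUpdate cannot
# request directly (its -Classification accepts All, Critical, Security, WSUS).
$rules = @(
    @{ Classification = 'Critical'; Product = '*2012*'; TargetGroup = 'All Computers' }
    @{ Classification = 'Security'; Product = '*2012*'; TargetGroup = 'All Computers' }
    @{ Classification = 'All'; ClassificationName = 'Updates'; Product = '*2012*'; TargetGroup = 'Servers' }
)

# Leave $true to rehearse (-WhatIf); set $false once the listing looks right.
$dryRun = $true

foreach ($rule in $rules) {
    # -Approval Unapproved / -Status FailedOrNeeded: only updates nobody has
    # approved yet that at least one client actually reports as needed or failed.
    # Products is a StringCollection; -like on it yields the matching entries,
    # so a non-empty result means "some product matched".
    # UpdatesSupersedingThisUpdate.Count -eq 0 drops updates a newer one replaces.
    $candidates = @(Get-WsusUpdate -Classification $rule.Classification -Approval Unapproved -Status FailedOrNeeded |
        Where-Object {
            ($_.Products -like $rule.Product) -and
            (-not $rule.ClassificationName -or $_.Classification -eq $rule.ClassificationName) -and
            $_.UpdatesSupersedingThisUpdate.Count -eq 0
        })

    Write-Host ("{0}: {1} candidate update(s) for group '{2}'" -f $rule.Classification, $candidates.Count, $rule.TargetGroup)
    foreach ($u in $candidates) {
        Write-Host ("  [{0}] {1}" -f $u.Classification, $u.Update.Title)
    }

    $candidates | Approve-WsusUpdate -Action Install -TargetGroupName $rule.TargetGroup -WhatIf:$dryRun
}
```

Run it once with `$dryRun = $true` and read the listing: the superseded-update filter and the ClassificationName check are where most surprises show up, and an Install approval to "All Computers" is not something you want to discover after the fact.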

Produce and analyze a process crash dump

October 10, 2014

Internet Explorer frustrations of the week

October 1, 2014

Did you know that your ActiveX control might be crashing iexplore.exe with a BEX error, because the control is 32-bit and the IE you launched is 64-bit? Yep, that happens.

"But I tried, and it doesn't let me start 32-bit iexplore!" you exclaim between tears. Yep, that happens.

Also, did you know that a 302 redirect from a site in one security zone to a site in another fails, with nothing but a white page returned? Put the source and destination sites in the same zone (add both to, or remove both from, the Trusted Sites list). Yep, that happens.

Satan creates Connector Tool in Visio

September 26, 2014

The combination of Visio's Connector tool with its snap-to and glue features is a tool of Satan.

To disable snap to and glue functionality:
1) right-click on the ribbon
2) Customize quick access toolbar
3) Choose from: All Commands
4) Add “Snap & Glue”
5) Open Snap & Glue options via the new button at the top of your Visio window
6) Uncheck Snap and Glue

IOC ingestion

September 26, 2014

Check out the Collective Intelligence Framework (CIF) for a consolidated feed of threats and IOCs.

Quick Link: RPC Client Access in Exchange 2010

September 23, 2014
