Search for specific text in files on a location

Sometimes a administrator is forced to do some cleaning up that should have been done a million years ago. When previous administrators have left you a nice bucket of history in your environment. A customer of mine used to have a few fileservers around that aren’t there anymore. In DNS those names are resolving to a new CIFS server. However that location is going to change again and now we are forced to clean up that old mess. Of course I’m not going to do the job of opening a few hundred thousand .ini, .config, .cfg and so forth myself. I created a script that does the job and can be delegated to someone else who has more time than me.

Clear
$Outputdir = \\Outputdirpath


$Location = Read-Host "Voer het volledige DFS pad in, in UNC Format bijvoorbeeld:\\DFSFolder"
$TestResult = Test-Path $Location
While ($Testresult -ne $true){
write-host "De opgegeven locatie bestaat niet. Voor opnieuw in" -b Black -f Red
$Location = Read-Host "Voer de DFS Locatie in in UNC Format bijvoorbeeld:\\DFSFolder"
$TestResult = Test-Path $Location}

$Extensions =@(Read-Host 'Voer een extensie in.De Extensie moet een . bevatten')
While ($Extensions -notmatch "."){$Extensions =@(Read-Host 'Voer een extensie in.De Extensie moet een . bevatten')}
$Choice = $null
While ($Choice -notmatch "[y|n]"){$Choice = read-host "Wilt u nog een Extensie toevoegen (Y/N)"
If ($Choice -match "Y"){While ($Extension -notmatch "."){$Extension =(Read-Host 'Voer een extensie in')}
$Extension += $Extension
$Choice = $Null}}

Remove-Variable Choice
$MatchList =@(Read-Host 'Voer een waarde in waaraan voldaan moet worden. Voor een drive mapping is een dubbele backslash vereist')
$Choice = $null
While ($Choice -notmatch "[y|n]"){$Choice = read-host "Wilt u waarde opgeven (Y/N)"
If ($Choice -match "Y"){$MatchItem =(Read-Host 'Voer een waarde in waaraan voldaan moet worden. Voor een drive mapping is een dubbele backslash vereist')
$MatchList += $MatchItem
$Choice = $null}}

$PathName = GI $Location
If ($PathName.Parent.Name -eq $Null){$ExportFile = "$OutputDir\ContentExport-"+ $PathName.Name + ".csv"}
If ($PathName.Parent.Name -ne $Null){$ExportFile = "$OutputDir\ContentExport-"+ $PathName.Parent.Name +"-"+ $PathName.Name +".csv"}

$List = gci $Location -Recurse | Where {$Extensions -match $_.Extension}
Foreach ($Item in $List){$Content = Get-Content $Item.fullname
$Pad = $item.fullname
Foreach ($Extension in $Extensions){If ($Content -match $Extension){Add-Content -Value  "Er is een verwijzing naar $Extension gevonden in: $Pad" -Path $Exportfile}}}

For those who do not speak Dutch very well. If you are searching for a drive mapping you should enter a double slash. The rest you’ll have to find out yourself 😉

Office 2010,2013 activation problem

For a customer I prepared an image. This image contained  a 32 bit version of Office 2010. I needed to enter a key for the installation. At that point I did not had access to their  volume licensing. I wanted to complete the image as soon as possible. That is why I entered a MSDN key. I was unaware at that point that this would cause many problems. First of all the deployed image at that point didn’t accept MAK keys. When I entered the MAK key I received an error that the key was incorrect. After an hour of troubleshooting I downloaded the VL version of Office 2010. I clicked on install. After install Office 2010 accepted my key. However it didn’t activate. I had to call Microsoft Activiation Center in order to activate the key. I asked them why automatic activation did not work. They said that I had to contact MSDN Activation Support. I put the two together and knew that this was caused by the MSDN key that somewhere was activated. I looked for an activation key in the registry somewhere. After deleting some keys I could activate. The keys are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Registration

And if you installed the 32 bit Office 2010:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Registration

Do this before you install Office 2010 VL.

Find old share names in files on Apps share

A client was talking about how he couldn’t quit sharing a certain share in his Citrix environment. There were to many connections still to that share. So I suggested that I could help him by making a script that looks for certain values in .ini, .log, .cmd, .bat, .cfg, .config etc files. You can adjust this to your own preference.

I did a check of the drive mapping G:\. Please note that a lot of log files contain Logging: which matches G:. That is why I did a match on G:\. In Powershell the ‘\’ character  is an expression followed by a special character which in this case will be \. That is why you need a double slash.

$Locatie = "\\ShareName" 
$Exportfile = ".\Exportfile.csv"
$List = gci $Locatie -Recurse | Where {$_.Extension -match ".ini" -or $_.Extension -match ".cfg" -or $_.Extension -match ".config" -or $_.Extension -match ".inc" -or $_.Extension -match ".bat" -or $_.Extension -match ".cmd" -or $_.Extension -match ".log" -or $_.Extension -match ".txt"}
Foreach ($item in $list){$Content = Get-Content $item.fullname
$Pad = $item.fullname
If ($Content -match "G:\\"){Add-Content -Value  "Er is een verwijzing naar G:\ gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "G:/"){Add-Content -Value  "Er is een verwijzing naar G:/ gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName1"){Add-Content -Value  "Er is een verwijzing naar ServerName1 gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName2"){Add-Content -Value  "Er is een verwijzing naar ServerName2 gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName3"){Add-Content -Value  "Er is een verwijzing naar ServerName3 gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName4"){Add-Content -Value  "Er is een verwijzing naar ServerName4 gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName5"){Add-Content -Value  "Er is een verwijzing naar ServerName5 gevonden in: $Pad" -Path $Exportfile}
If ($Content -match "ServerName6"){Add-Content -Value  "Er is een verwijzing naar ServerName6 gevonden in: $Pad" -Path $Exportfile}}

Get file size of old files on a fileserver

So I was at a costumer. They wanted an export of the file size that files older than 7 years populate on the file server. I made a very simple script that does the job.

$Locatie = "D:\"
#Verander het cijfer om het aantal jaar aan te passen
$Datum = (Get-Date).AddYears(-7)
$Outfile = ".\Output.txt"
$List = @(GCI $Locatie -Recurse | Where {$_.LastWriteTime -lt $Datum})
$Outinfo = "De lijst bevat "+ $list.count +" bestanden"
Add-Content -Path $Outfile -Value $Outinfo
$Bytes = 0
ForEach ($Item in $List){($Bytes=$Bytes + [int]$Item.length)}
$Outinfo = "De Bestanden bevatten $Bytes bytes"
Add-Content -Path $Outfile -Value $Outinfo
$Outinfo = "Dat is "+ $Bytes/1048576 +" MegaBytes"
Add-Content -Path $Outfile -Value $Outinfo

Synology VPN L2TP IPSEC

You can install a VPN Server on a Disk Station or Rack Station Synology NAS. When you configure a PPTP setting you can connect from any device without much configuration. However when you want a more secure solution you can choose for L2TP. When you open the correct ports on your router and Synology firewall you can connect from any iOS, Mac OS X, Android and even Windows Phone device. However Windows assumes that you always connect with a direct internet line (so without NAT) to a Internet Server (so without NAT). There is not other configuration. Now in my case I’m mostly behind a NAT device and my Synology most definitely is behind a NAT router. So you have to change some settings in the register and reboot before this works. Microsoft has made a KB for it. In this KB they refer only Vista and Server 2008 as being applicable. But Windows 7, 8, 8.1 , Server 2008 R2, Server 2012 and Server 2012 R2 are also affected. If you configure Windows as specified in the KB you can successfully connect to your Synology.

App-v 5 and Citrix Provisioning

An administrator here came to me and asked me about how to Powershell around a problem with the App-V 5.0 Client Cache directory. The implementation configured is that App-V uses a folder on the D disk. This disk is dedicated. It is not on the distributed Vdisk. When the server reboots the cache becomes corrupted and the App-V service does not start. A sync is necessary in order to start the App-V 5.0 service. I made a script that clears a few reg values, deletes the App-v Client Connection Groups, App-V Client Packages, the AppV folder in Programdata and the entire folder on the D disk.

I handed over the script to the administrator and asked him to create a scheduled task that run at system startup. The reason for  running the script this way, is that creating a GPO that run a Powershell script will not statisfy the required security context. The SYSTEM account doesn’t have enought permissions to complete the script. PSRemoting will not work either. When running the script on another server with the Invoke-Command -Scriptblock {} fails. This is probably due to a bug in App-V. The account has enough rights and UAC is disabled. Yet all attempts fail. Please review the script before implementing

 

<#Script Variables#>
$ServiceName = "AppVClient"
$ProgramDataAppV = "C:\ProgramData\Microsoft\AppV"
$AppVData = "D:\App-V 5.0"

<#Regvalues#>
$Regvalues=@()
$Regvalues +=@{Regvalue="HKLM:\SOFTWARE\Microsoft\AppV\Client\PackageGroups"}
$Regvalues +=@{Regvalue="HKLM:\SOFTWARE\Microsoft\AppV\Client\Packages"}
$Regvalues +=@{Regvalue="HKLM:\SOFTWARE\Microsoft\AppV\Client\Streaming\Packages"}

#Service stoppen om Program Data te verwijderen.
$State = Get-Service $ServiceName
If ($State.status -NotMatch "Stopped"){Stop-Service $ServiceName
Start-Sleep -s 5}
Remove-Item $ProgramDataAppV -force -recurse

#Verwijderen van de Registersleutels
Foreach ($item in $Regvalues){If ((Test-Path $item.Regvalue) -ne $True){Remove-item $item.regvalue -force -Recurse}}

#Service Starten om initiele synch uit te voeren zodat de D schijf wordt vrijgegeven.
$State = Get-Service $ServiceName
If ($State.status -Match "Stopped"){Start-Service $ServiceName
Start-Sleep -s 5}
Get-AppvPublishingServer | Sync-AppvPublishingServer

#Service Stoppen om Packages en AppvClientConnectionGroup te verwijderen.
$State = Get-Service $ServiceName
If ($State.status -NotMatch "Stopped"){
Write-Host Stoppen
Stop-Service $ServiceName
Start-Sleep -s 5}
Get-AppvClientConnectionGroup -all | Remove-AppvClientConnectionGroup
Get-AppvClientPackage -all | Remove-AppvClientPackage
Start-Sleep -s 10

#Service stoppen om App-v folder op de D schijf te verwijderen.
If ($State.status -NotMatch "Stopped"){Stop-Service $ServiceName
Start-Sleep -s 5}
Remove-Item $AppVData -Force -Recurse
Start-Sleep -s 10

#Check of de folder ook daadwerkelijk verwijderd is.
If ((Test-Path $AppVData) -eq $True){

#Proberen de D schijf leeg te krijgen door eerst te synchen
Get-AppvPublishingServer | Sync-AppvPublishingServer
Start-Sleep -s 5
$State = Get-Service $ServiceName
If ($State.status -NotMatch "Stopped"){Stop-Service $ServiceName
Start-Sleep -s 5}
Get-AppvClientConnectionGroup -all | Remove-AppvClientConnectionGroup
Get-AppvClientPackage -all | Remove-AppvClientPackage
Start-Sleep -s 10
Remove-Item $AppVData -Force -Recurse

#Laatste check op de D schijf om te kijken of de folder nu daadwerkelijk weg is.
If ((Test-Path $AppVData) -eq $True){
$Outinfo = "De App-V Data op de D Schijf is na twee pogingen niet succesvol verwijderd. Bekijk het logboek."
Add-Content -Value $Outinfo -Path "C:\ScriptFout.txt"
$Outinfo = Get-Date
Add-Content -Value $Outinfo -Path "C:\ScriptFout.txt"
}}

#Laatste Sync uitvoeren
Get-AppvPublishingServer | Sync-AppvPublishingServer

Renaming files and moving it to a different location

An OCE printer can only scan files to a FTP location with one name. There are no unique attributes that the Multifuctional printer can add to a file. This results in files being overwritten if not renamed immediately after being transferred. I’ve written a little script that is run every 5 seconds via Task Scheduler. This script renames files in a  unique format and then moves the file to some place else.

$Folder = "C:\Inetpub\FTProot\"
$Destination = "\\Ergensopdebozewereld"
$Applytime = (Get-Date).AddSeconds(-20)
$Content = @(gci $Folder | where {$_.LastWriteTime -lt $Applytime -and $_.PSIsContainer -eq $False})
Foreach ($item in $Content){$TEMP = $Item.LastWriteTime
$Time = Get-Date $TEMP -Format yyyyMMdd_HHmmss
$Name = $item.name.replace(".tif","")
Rename-Item -Path $Item.fullname -NewName "$Name_$Time.tif"
$Item = GI "$Folder\$Name_$Time.tif"
Move-Item -Path $Item -Destination $Destination -Force}

Remove old definitions

Symantec Endpoint Protection has a tendency to preserve definitions that are no longer needed. I’ve written a powershell script in three variations.

First is a powershell script that deletes any folders in the Virusdef above the count of 3. So if there are 4 folders with definitions it will delete the oldest.

$Servers =@( Import-CSV ".\Server.csv")
Foreach ($Server in $Servers){$Folders =@( gci "\\$Server\C$\Program Files\Common Files\Symantec Shared\VirusDefs" | Where {$_.PsIsContainer -and $_.Name -notmatch "Binhub" -and $_.Name -notmatch "Texthub"} | Sort CreationTime -Descending | Select -Skip 3})
ForEach ($Folder in $Folders){Remove-Item $Folder -Force -Recurse}

Second is a powershell script that deletes any folder in de Virusdef folder older than 2 days ago. Of course only definition folders not the other two folders.

$Datum = (Get-Date).AddDays(-2)
$Servers = @(Import-CSV ".\Server.csv")
Foreach ($Server in $Servers){gci -Path "\\$Server\C$\Program Files\Common Files\Symantec Shared\VirusDefs" | Where-Object { $_.PSIsContainer -and $_.CreationTime -lt $Datum -and $_.Name -notmatch "Binhub" -and $_.Name -notmatch "Texthub" } | Remove-Item -Force}

The last script is a combination of the above. It will any folder older than two days ago skipping the first. If a server hasn’t updated its definition it will not delete the active  definition.

$Datum = (Get-Date).AddDays(-2)
$Servers = @(Import-CSV ".\Server.csv")
Foreach ($Server in $Servers){gci -Path "\\$Server\C$\Program Files\Common Files\Symantec Shared\VirusDefs" -Recurse -Force | Where-Object { $_.PSIsContainer -and $_.CreationTime -lt $Datum } | Sort CreationTime -Descending | Select -Skip 1| Remove-Item -Force}

All Script require a script.csv file with servers. Just a header with Server. Neighter do you need any delimiters. Just a list with servers

You can replace import-csv with get-content as needed.

Replace text in local TNSNames.ora with Powershell

An administrator came to me today. Recently they had migrated from Oracle 10 to Oracle 11 and from HP UX to ODA (Oracle Database Appliance). Due to the fact that in this organization there are over 2000 databases, some applications wheren’t tested. In some cases application server look at the wrong TNSNames.ora. The request was to replace the text after host for the approriate host. I had the ‘luck’ that this request only included servers.

I created a that resolve his problem. The script contacts the ActiveDirectory for the list of “servers”. Then the script test if that server has an Oracle directory under C:\. Change this if you have Oracle installed under a different folder. Next there’s a check under the Oracle Directory for any folder that match Ora. These folders are included in an array. The next thing that will be checked is, if the TNSNames.ora exists in the usual folder. If that is the case the script continues. If it doesn’t exist the script will continue with the next folder or server.

Then the content of the TNSNames.ora will be loaded into the memory. The script renames the original TNSNames.ora to TNSNames.old. Or if that file is already in use in some other extension. Then all lines in the TNSNames will be check on the existance of few specific words and those words will be replaced with something else. At last the array NewTNSNames will be written to the location.

 

Import-Module ActiveDirectory
$ADComputers = Get-ADComputer -Filter * -Properties * | Where {$_.OperatingSystem -match "Server"}
$Computers =@()
ForEach ($ADComputer in $ADComputers){$ADComputer = $ADComputer.DNSHostName
If((Test-Path "\\$ADComputer\C$\Oracle") -eq $True){$Computers += $ADComputer}}
ForEach ($Computer in $Computers){$Folders =@( gci "\\$Computer\c$\Oracle\Ora*")
ForEach ($Folder in $Folders){If ((Test-Path "$Folder\Network\Admin\TNSNames.ora") -eq $True){$TNSNames = get-content "$Folder\Network\Admin\TNSNames.ora"
If ((Test-Path "$Folder\Network\Admin\TNSNames.old") -eq $False){Rename-item -Path "$Folder\Network\Admin\TNSNames.ora" -NewName "$Folder\Network\Admin\TNSNames.old"}
If ((Test-Path "$Folder\Network\Admin\TNSNames.NaChangeAugustus2014") -eq $False){Rename-item -Path "$Folder\Network\Admin\TNSNames.ora" -NewName "$Folder\Network\Admin\TNSNames.NaChangeAugustus2014"}
$NewTNSNames =@()
ForEach ($Item in $TNSNames){
If ($Item -match "odatst101a"){$NewTNSNames += $Item.replace("odatst101a","RobIsDeBarbecueKoning.local")}
If ($Item -match "odatst101b"){$NewTNSNames += $Item.replace("odatst101b","RobIsDeBarbecueKeizer.local")}
If ($Item -notmatch "odatst101a" -and $Item -notmatch "odatst101b"){$NewTNSNames +=  $Item}}
ForEach ($Item in $NewTNSNames){Add-Content -Value $Item -Path "$Folder\Network\Admin\TNSNames.ora" }}}}

Registry permissions of users by mistake overwritten

An administrator applied an GPO which overwrites the permissions on the registry of users by mistake.  This results in users who cannot login after they lost permissions on their ntuser.dat registry hive.

We had an immediate problem with the users so decided to restore the entire terminal profiles share. However you can choose to solve the problem. I’ve written a script really quite to at least know how big the problem really is.

We have PSremoting enabled on all terminal servers. Which gave us the posibility to run the script on the entire environment.

Import-Module ActiveDirectory
$Computers = Get-ADComputer -Filter * | Where {$_.Name -match "TERMINALSERVERPREFIX"}

Foreach ($Computer in $Computers){

Enter-Pssession $Computer
 
New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
 Set-Location HKU:
 $list = GCI
 $Hostname = Hostname
 $Export = "C:\Permissions"+"_"+"$Hostname"+".csv"
 Foreach ($item in $list){$ACLs = Get-ACL $Item.PSChildName | Foreach-Object { $_.Access }
 Foreach ($ACL in $ACLs){
 If ($ACL.IdentityReference -match "ADGROUP Or User"){$Value = $Item.Name + ";" + $ACL.IdentityReference + ";" + $ACL.AccessControlType + ";" + $ACL.IsInherited + ";" + $ACL.InheritanceFlags + ";" + $ACL.PropagationFlags + ";" + $ACL.FileSystemRights
 Add-Content -Value $Value -Path $Export}}}
 Set-Location C:
 Copy-Item -Path $Export -Destination "\\Shared Location"

}

This writes back the SID on which an Active Directory Group had permissions on. You can of course use the information given but you have the compare the SID’s with your Active Directory SID.

Exporting the SID’s of your AD can be done by running the following code:

Import-Module ActiveDirectory
$Export = "C:\SIDS.csv"
$List = Get-ADUser -filter * | Select Name,SID
$Header = "Name;SID"
Add-Content -Value $Header -Path $Export
Foreach ($Item in $list){
$Outinfo = $item.Name + ";" + $Item.SID
Add-Content -Value $Outinfo -Path $Export}

Or

Import-Module ActiveDirectory
$Export = "C:\SIDS.csv"
$List = Get-ADUser -filter * | Select Name,SID
$list | Export-CSV -Path $Export -Delimiter ";" -NoTypeInformation