Tuesday, March 31, 2009

Monitoring the Event Viewers of remote servers on Windows 2003.

Hello,

Here is how to monitor the event logs (Event Viewer) of Windows 2003 servers without needing administrative rights.

1. Get the SID of the group or user that is to receive the permissions. To do this, run the command wbinfo -n "domain\account" on a Linux server that has Samba and is joined to the domain. It can also be obtained from Windows by registering the acctinfo.dll file (regsvr32 acctinfo.dll) included in the Windows 2003 Resource Kit, then opening the Active Directory Users and Computers console and going to the properties of the account or group.

2. Build the permission string. It is an SDDL access control entry (ACE): six fields separated by semicolons, in the form

(ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid)

For example:

(A;;0x1;;;S-1-2-21-1283441307-3045887142-1639236238-20210)

This string grants (A) read permission (0x1) to the group midominio\grupo (1283441307-3045887142-1639236238-20210).

3. Assign the permissions on the corresponding event logs. To do this, append the string built in the previous step to the CustomSD value of each event log concerned. This parameter lives in the registry under the subkey of each log (Application, Security, System, and so on):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\<log name>\CustomSD

It is important to add the permissions to the existing value, not replace it, because replacing it would cause serious problems.
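As an added example (not part of the original post), the following PowerShell script carries out step 3 the safe way: it validates the SID, reads the existing CustomSD of the named log, refuses to continue if the value is absent, inserts the read-only ACE at the end of the DACL section, re-parses the result before writing anything, and only writes when -Apply is given. The script name, parameter names and the -Apply switch are my own; it assumes PowerShell 2.0 or later and registry write access on the server being changed.

```powershell
# Added example, not from the original post: append a read-only (0x1) ACE for one SID
# to an event log's CustomSD without overwriting the rest of the descriptor.
# Assumes PowerShell 2.0 or later and registry write access on the server being changed.
# Dry run:  .\Add-EventLogReadAce.ps1 -LogName Application -Sid <SID from step 1>
# Write:    .\Add-EventLogReadAce.ps1 -LogName Application -Sid <SID from step 1> -Apply
param(
    [Parameter(Mandatory=$true)][string]$LogName,   # subkey under Services\Eventlog, e.g. Application
    [Parameter(Mandatory=$true)][string]$Sid,       # SID obtained with wbinfo -n or acctinfo.dll
    [switch]$Apply                                  # without -Apply only the proposed SDDL is shown
)

$ReadMask = 0x1    # read access to the log, the right used in the post's example ACE
$keyPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$LogName"

# Reject anything that is not a well-formed SID before it goes anywhere near the registry.
$sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)

if (-not (Test-Path $keyPath)) { throw "Event log key not found: $keyPath" }
$current = (Get-ItemProperty -Path $keyPath -Name CustomSD -ErrorAction SilentlyContinue).CustomSD
if (-not $current) {
    # CustomSD, when present, replaces the default descriptor entirely. Creating it from a
    # single ACE would lock every other principal out, so this script only ever appends.
    throw "CustomSD is not set on '$LogName'; write the complete descriptor first, never a lone ACE."
}

# Parse the current value so an already-broken descriptor is noticed before we touch it.
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($current)

# Nothing to do if the SID already holds read access in the DACL.
$already = @($sd.DiscretionaryAcl | Where-Object {
    $_ -is [System.Security.AccessControl.CommonAce] -and
    $_.SecurityIdentifier -eq $sidObj -and
    (($_.AccessMask -band $ReadMask) -eq $ReadMask)
})
if ($already.Count -gt 0) { Write-Output "$Sid already has read access on $LogName"; return }

# The new ACE in exactly the form shown in the post: (A;;0x1;;;<SID>)
$newAce = "(A;;0x$($ReadMask.ToString('x'));;;$($sidObj.Value))"

# Insert at the end of the D: (DACL) section; if an S: (SACL) section follows, keep it after.
if ($current.IndexOf('D:') -lt 0) { throw "CustomSD on '$LogName' has no DACL section" }
$saclPos = $current.IndexOf('S:')
if ($saclPos -ge 0) { $newSddl = $current.Insert($saclPos, $newAce) }
else                { $newSddl = $current + $newAce }

# Round-trip the proposed value through the parser; an unparsable descriptor must never be written.
$null = New-Object System.Security.AccessControl.RawSecurityDescriptor($newSddl)

Write-Output "Current : $current"
Write-Output "Proposed: $newSddl"
if ($Apply) {
    Set-ItemProperty -Path $keyPath -Name CustomSD -Value $newSddl
    Write-Output "CustomSD on '$LogName' updated."
}
```

Run it once without -Apply and compare the "Current" and "Proposed" lines before committing the change; the two parser round-trips are what protect you from the broken-descriptor problem the post warns about, since the event log service will reject (or misapply) a CustomSD it cannot parse.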
I hope this is useful.

Thursday, March 12, 2009

Finding folders a given number of days old by their name.

Hi,
Recently, I had to write a script that finds all folders in a directory that are a certain number of days old. Each folder is named with a date in the format YYYYMMDD, and I had to find all folders that were X days old in order to move them to another folder.

After spending some time figuring out how I could do that, I will share with you the main function that I used and that is working right now.

The trickiest part was validating that the folder name was a valid date.
Well, this is how I did it:

$dtOut = New-Object datetime
$GciFiles = Get-ChildItem $Path |
    Where-Object { $_.PsIsContainer -and
                   $_.Name -match '^20[0-9][0-9][0-1][0-9][0-3][0-9]$' -and
                   # InvariantCulture is the IFormatProvider argument; EnglishName is not a static member of CultureInfo
                   [datetime]::TryParseExact($_.Name, "yyyyMMdd", [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$dtOut) } |
    Where-Object { ((Get-Date) - [datetime]::ParseExact($_.Name, "yyyyMMdd", $null)).Days -ge $days } |
    Select-Object Name

First, I declared a variable named dtOut so I could use it later; then I use the variable GciFiles to store the output of gci (I know I could do it all in a single line, but I wanted it that way):

$GciFiles = Get-ChildItem $Path

Then, from the result of gci, I filter only the folders, and only those whose name has the correct format; using the TryParseExact method I can validate that the name is a real date.

$GciFiles = Get-ChildItem $Path |
    Where-Object { $_.PsIsContainer -and
                   $_.Name -match '^20[0-9][0-9][0-1][0-9][0-3][0-9]$' -and
                   [datetime]::TryParseExact($_.Name, "yyyyMMdd", [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$dtOut) }

Then, once the date has been validated, I obtain the number of days from the folder's date to today, and if that number is greater than or equal to the $days parameter, the name is selected:

$GciFiles = Get-ChildItem $Path |
    Where-Object { $_.PsIsContainer -and
                   $_.Name -match '^20[0-9][0-9][0-1][0-9][0-3][0-9]$' -and
                   [datetime]::TryParseExact($_.Name, "yyyyMMdd", [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$dtOut) } |
    Where-Object { ((Get-Date) - [datetime]::ParseExact($_.Name, "yyyyMMdd", $null)).Days -ge $days } |
    Select-Object Name
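Here is an added example, not the post's own code, that wraps the same check in a function: each name is parsed exactly once with the invariant culture, the parsed date and the age in days are carried into the output, and the reference date is a parameter so the result is repeatable. The function name, its parameters and the constructed folder names (including 20090230, which matches the regex but is not a real date) are mine; it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later.
function Get-DateStampedFolders {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][int]$Days,
        [datetime]$Today = (Get-Date).Date   # injectable reference date, so results are repeatable
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $style   = [System.Globalization.DateTimeStyles]::None

    Get-ChildItem -Path $Path | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $parsed = New-Object datetime
        # The regex is only a cheap pre-filter; TryParseExact is what rejects impossible dates
        # such as 20090230, which the pattern alone would let through.
        if ($_.Name -match '^\d{8}$' -and
            [datetime]::TryParseExact($_.Name, 'yyyyMMdd', $culture, $style, [ref]$parsed)) {
            $age = ($Today - $parsed).Days
            if ($age -ge $Days) {
                New-Object PSObject -Property @{
                    Name     = $_.Name
                    FullName = $_.FullName
                    Date     = $parsed
                    AgeDays  = $age
                }
            }
        }
    }
}

# Constructed demo: a throw-away directory with a mix of valid, impossible and non-date names.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ("datefolders-" + [guid]::NewGuid())
foreach ($n in '20090101', '20090230', '20090310', 'notadate', '20090312.txt') {
    New-Item -ItemType Directory -Path (Join-Path $demo $n) | Out-Null
}
# With 2009-03-12 as "today" and a 7-day threshold only 20090101 (70 days old) is returned:
# 20090310 is too recent, 20090230 fails TryParseExact, the other two fail the regex.
Get-DateStampedFolders -Path $demo -Days 7 -Today ([datetime]'2009-03-12') |
    Sort-Object Date | Format-Table Name, Date, AgeDays -AutoSize
Remove-Item -Path $demo -Recurse -Force
```

Because the function emits objects rather than just names, the move step the post mentions can be piped straight on (for example through Move-Item with -WhatIf first) without re-parsing the folder name a second time.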