250000 Downloads in TechNet Script Gallery

Approximately one year ago I saw the number of downloads tick over a hundred thousand; today my total downloads from the TechNet Script Gallery have reached 250,000. To celebrate this milestone I have also uploaded all of the scripts I have stored in the TechNet Script Gallery to GitHub, to simplify updating and collaboration with others.

My personally preferred method of installing and sharing scripts is the PowerShell Gallery, which is available at PowerShellGallery.com or through the PowerShellGet cmdlets. For example, the following two lines of code can find the scripts and modules I have currently posted:

$(Find-Script;Find-Module).Where{$_.Author -match 'Jaap Brasser'}


The complete list of my scripts is now available on GitHub:
Jaap Brasser – GitHub – SharedScripts

And also in the TechNet Script Gallery:
Jaap Brasser – TechNet Script Gallery

As I personally mostly see benefit in sharing modules, and not so much single scripts and functions, I am working on converting some of the scripts I have written into modules, and once they are finalized I will upload those to the PowerShell Gallery as well. So my question to the community is as follows: which improvements are you most interested in, or what would you like to see next?

Feel free to use the comment section underneath this post to share your ideas or feedback. That is it for now, until the next milestone!

250,000 Downloads
My TechNet Community Profile
My entries in TechNet Script Gallery
Jaap Brasser – GitHub Profile
Jaap Brasser – PowerShell Gallery

Retrieve Certificate from Event log binary data

As I was looking into some errors in my event log I found that I had a number of certificate errors in the event log. In order to investigate this further I wanted to take a look at the certificate in the event log. There are a number of tools available to extract this from the event log but I wanted to be able to automate this in the future so I settled on writing this in PowerShell.

I had the following events in my system event log:


The interesting portion is what is stored in the XML, specifically EventData – Binary:


In order to retrieve this event using PowerShell we can run the following code:

Get-WinEvent -FilterHashtable @{'Logname' = 'System' ; 'Id' = 36882} -MaxEvents 1


In order to retrieve the binary data we can run the following code:

([xml](Get-WinEvent -FilterHashtable @{
        'Logname' = 'System'
        'Id' = 36882
    } -MaxEvents 1).ToXml()
).Event.Eventdata.Binary

The binary data is encoded as pairs of hexadecimal numbers, so this needs to be converted before we can write this to disk. In order to do this we split the string into pairs of two and then do a conversion using the ToByte method of the System.Convert class:

(
    ([xml](Get-WinEvent -FilterHashtable @{
            'Logname' = 'System'
            'Id'      = 36882
        } -MaxEvents 1).ToXml()
    ).Event.Eventdata.Binary -split '(..)' |
    Where-Object {$_} | ForEach-Object {
        [system.convert]::ToByte($_,16)
    }
)

Now that we have PowerShell output an array of bytes we are ready to write the output of the event log to file. Because we know this should be a certificate all we have to do is write this to a .cer file and we will have a working certificate:

[System.IO.File]::WriteAllBytes("$env:USERPROFILE\desktop\EventCert.cer",
    (
        (
            [xml](Get-WinEvent -FilterHashtable @{
                'Logname' = 'System'
                'Id'      = 36882
            } -MaxEvents 1).ToXml()
        ).Event.Eventdata.Binary -split '(..)' |
        Where-Object {$_} | ForEach-Object {
            [system.convert]::ToByte($_,16)
        }
    )
)

Now the following functional certificate will be available on the desktop:


So there we have it: in this article we have identified the event that contains a certificate. Afterwards we went into the XML of this event and retrieved the binary event data, converted this to a byte array and then wrote this to file.
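The same extraction can be done in memory, so that the certificate is inspected before anything is written to disk. This is an added example, not code from the original article; the function name Get-EventCertificate and its parameters are hypothetical, and it assumes, as the article describes, that the Binary element holds a DER-encoded certificate as hexadecimal pairs.

```powershell
# Added example: Get-EventCertificate is a hypothetical helper, not part of the article.
function Get-EventCertificate {
    param(
        [string]$LogName   = 'System',
        [int]   $Id        = 36882,
        [int]   $MaxEvents = 5
    )
    $Filter  = @{ LogName = $LogName; Id = $Id }
    $Records = Get-WinEvent -FilterHashtable $Filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($Record in $Records) {
        $Hex = ([xml]$Record.ToXml()).Event.EventData.Binary
        # Skip events with no binary data, an odd number of digits or non-hex characters
        if ($Hex -notmatch '^([0-9A-Fa-f]{2})+$') { continue }

        # Convert each pair of hexadecimal digits into one byte
        $Bytes = [byte[]]::new($Hex.Length / 2)
        for ($i = 0; $i -lt $Bytes.Length; $i++) {
            $Bytes[$i] = [System.Convert]::ToByte($Hex.Substring($i * 2, 2), 16)
        }

        # Parse the bytes; binary data that is not a certificate is reported and skipped
        try {
            $Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Bytes)
        } catch {
            Write-Warning "Record $($Record.RecordId): binary data is not a certificate"
            continue
        }

        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            Subject     = $Cert.Subject
            Issuer      = $Cert.Issuer
            NotAfter    = $Cert.NotAfter
            Thumbprint  = $Cert.Thumbprint
            RawData     = $Bytes
        }
    }
}

# Review the certificates found in the most recent events
Get-EventCertificate | Format-List TimeCreated, Subject, Issuer, NotAfter, Thumbprint

# Write each certificate to the desktop, named after its thumbprint
Get-EventCertificate | ForEach-Object {
    $Target = "$env:USERPROFILE\desktop\$($_.Thumbprint).cer"
    [System.IO.File]::WriteAllBytes($Target, $_.RawData)
}
```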

QuickTip: Get Domain Name of Computer

In PowerShell it is relatively trivial to retrieve the domain for the logged in user, as this is stored in the environment variable. In multi-domain environments it is often the case that the user account is a member of the same domain as the computer account. To retrieve the domain name of the current computer the following command can be executed:

[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()


To only retrieve the Domain Name the following command can be used:

[System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName

For more information about the GetIPGlobalProperties method and the IPGlobalProperties class please refer to the following article:
MSDN – IPGlobalProperties

Quickly and securely storing your credentials – PowerShell

During the last PowerShell event I quickly demo’ed the Export-CliXml functionality to quickly, easily, and most importantly, securely store credentials to a file. In this article I will describe the following three steps:

  • Store credentials in a variable
  • Export the variable to a file
  • Import the credential object from the file into a variable

To get a credential object we can either manually create one or use the Get-Credential cmdlet to prompt for the account details:

$Credential = Get-Credential

To store the credentials into a .cred file:

$Credential | Export-CliXml -Path "${env:\userprofile}\Jaap.Cred"

And to load the credentials from the file and back into a variable:

$Credential = Import-CliXml -Path "${env:\userprofile}\Jaap.Cred"
Invoke-Command -Computername 'Server01' -Credential $Credential {whoami}


The advantage of this methodology is that you can leverage the versatility of PowerShell to ensure that the data is not only exported, but also stored in a secure manner using secure strings. It should be noted that the credential files created this way can only be opened by the same user on the same system. This can be used to store any type of credentials; both local accounts and domain accounts can be saved in this manner.

Note that you are not limited to storing a single set of credentials in this manner; you could use any number of accounts. For example, the following example will prompt for 3 different sets and store them in a hash table. This can then be exported/imported in a similar manner:

$Hash = @{
    'Admin'      = Get-Credential -Message 'Please enter administrative credentials'
    'RemoteUser' = Get-Credential -Message 'Please enter remote user credentials'
    'User'       = Get-Credential -Message 'Please enter user credentials'
}
$Hash | Export-Clixml -Path "${env:\userprofile}\Hash.Cred"
$Hash = Import-CliXml -Path "${env:\userprofile}\Hash.Cred"
Invoke-Command -ComputerName Server01 -Credential $Hash.Admin -ScriptBlock {whoami}
Invoke-Command -ComputerName Server01 -Credential $Hash.RemoteUser -ScriptBlock {whoami}
Invoke-Command -ComputerName Server01 -Credential $Hash.User -ScriptBlock {whoami}
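The "same user on the same system" restriction comes from the Windows Data Protection API (DPAPI), which Export-CliXml uses for secure strings on Windows; PowerShell on Linux and macOS does not encrypt them. The following added example, which is not code from the original article, checks that a credential file really contains DPAPI-protected passwords before it is imported; the function names, the account, the password and the file path are constructed for illustration.

```powershell
# Added example; function names, account, password and path are constructed.
function Test-CredentialFileProtected {
    param([Parameter(Mandatory)][string]$Path)
    [xml]$Xml = Get-Content -LiteralPath $Path -Raw
    # Export-CliXml serializes every SecureString as an <SS> element
    $Nodes = $Xml.GetElementsByTagName('SS')
    if ($Nodes.Count -eq 0) { return $false }
    foreach ($Node in $Nodes) {
        # A DPAPI blob starts with version 1 followed by the DPAPI provider GUID
        if ($Node.InnerText -notmatch '^01000000d08c9ddf0115d1118c7a00c04fc297eb') {
            return $false
        }
    }
    return $true
}

function Import-StoredCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-CredentialFileProtected -Path $Path)) {
        throw "'$Path' holds no DPAPI-protected password, refusing to use it."
    }
    try {
        Import-Clixml -LiteralPath $Path -ErrorAction Stop
    } catch {
        # For example when the file was exported by another user or on another system
        throw "Cannot import '$Path' in this user context: $($_.Exception.Message)"
    }
}

# Round trip with a constructed credential instead of a Get-Credential prompt
$Password   = ConvertTo-SecureString 'Constructed-Example-1!' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ('CONTOSO\svc-example', $Password)
$Path       = Join-Path $env:TEMP 'Example.Cred'
$Credential | Export-Clixml -Path $Path

# Is every stored password a DPAPI blob?
Test-CredentialFileProtected -Path $Path
# Does the plaintext password appear anywhere in the file?
Select-String -LiteralPath $Path -Pattern 'Constructed-Example-1!' -SimpleMatch -Quiet
# Import through the checked path and show which account was stored
(Import-StoredCredential -Path $Path).UserName
Remove-Item -LiteralPath $Path
```

Because the check walks every secure string in the file, it also works for the hash table of credentials exported above.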

Recap of first DuPSUG – PowerShell Saturday

Last weekend as DuPSUG we organized the first Dutch PowerShell Saturday. Within three days we had to instate a waiting list for attendees to sign up on, as we had run out of tickets. To meet the demand for this unique event, we were lucky enough to be sponsored by the following four companies: Platani, Sapien Technologies, PowerTheShell and Manning Publications.

During the event we had the following sessions and speakers:

Furthermore there was the PowerQuiz, a twenty-one question quiz to encourage team work and to put some energy back into the room after lunch. The questions and answers are available here:

PowerQuiz – PowerShell Quiz


For more information in regards to PowerShell Saturdays, or if you are interested in hosting a similar event locally, feel free to reach out, as I am always happy to share lessons learned from organizing this event.

For more information about the topics in this article please visit the links below:

Links in this article
PowerShell DSC and Windows Containers, the Perfect Match – GitHub
Lock down your System, no more Admins – GitHub
PowerQuiz – PowerShell Quiz
Dutch PowerShell User Group – DuPSUG