Thursday, February 9, 2017

Bypass PowerShell Execution Policy to Run Scripts

There are a bunch of ways to get around PowerShell's execution policy. My favorite is to use cmd.exe to run powershell.exe with a flag to bypass the system's execution policy.

powershell.exe -ExecutionPolicy Bypass -File path\to\script.ps1


Yes, it really is that easy.

Tuesday, December 6, 2016

Disable InsecureRequestWarning When Using Python Requests Module

DISCLAIMER: You should NOT send any sensitive traffic to untrusted hosts on the Internet. This is method should only be used for troubleshooting or if you have independently verified the identify of the server you are connecting to.

The Python Requests module is a pretty cool and easy way to establish HTTP/HTTPS connections. However, if you ever try to connect to a server using HTTPS and the certificate is not trusted, you will probably get an error that looks something like this:

>>> import requests
>>> r = requests.get('https://fullyqualifiedurl.com')
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 70, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

Before continuing on, I want to reiterate the disclaimer at the top of the page:

DISCLAIMER: You should NOT send any sensitive traffic to untrusted hosts on the Internet. This is method should only be used for troubleshooting or if you have independently verified the identify of the server you are connecting to.

Now that that's taken care of, the documentation for Requests says to pass the verify=False parameter when calling the requests.get method. Let's try that out:

>>> import requests
>>> r = requests.get('https://fullyqualifiedurl.com', verify=False)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:843: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

Now we get a different error that has a link to documentation for urllib3. Since requests uses urllib3 under the hood, you need to disable certificate checking with urllib3 as well:

>>> import requests
>>> import urllib3
>>> urllib3.disable_warnings()
>>> r = requests.get('https://fullyqualifiedurl.com', verify=False)
>>> r.status_code
200

If you're still getting an error, it could be because your system is using the version of urllib3 that is bundled with requests. This should get things all squared away for you:

>>> import requests
>>> from requests.packages import urllib3
>>> urllib3.disable_warnings()
>>> r = requests.get('https://fullyqualifiedurl.com', verify=False)
>>> r.status_code
200


I think what python is doing behind the scenes is that if urllib3 is already installed, requests will use that version. But, if urllib3 is not already installed, requests will use its bundled version of urllib3. If you are writing code that might be used on different computers and you aren't sure what is installed, you can use this try/except block to import whichever version of urllib3 is applicable:

try:
    import urllib3
except ImportError:
    from requests.packages import urllib3

Monday, May 23, 2016

Disable Hibernate in Windows

Hibernate is a neat feature that is especially useful on laptops. Hibernate is different than sleep/standby in that with sleep/standby, the system shuts down most of the hardware, including the hard drive, but keeps the RAM powered to save the current state. This will (very) slowly drain the battery, but is extremely fast to resume. Hibernate saves the RAM state to hard disk and powers everything off. This is slower to resume than sleep/standby, but won't drain the battery and is still faster to resume than a full shutdown.

By default on Windows systems, hibernate is enabled. This includes servers, which should probably never enter hibernate state. The problem with hibernate, especially on older servers, is that the system reserves hard disk space large enough to store the contents of the RAM in the C:\hiberfil.sys file, which is a protected system file. If you have a small hard drive and a bunch of RAM, this can very quickly eat up a lot of valuable disk space. The only way to get this space back is to disable hibernate, which in most cases for servers, is a best practice anyway.

The easiest way to disable hibernate is to open a command prompt (cmd.exe) as administrator and run this command:
powercfg.exe -H off

Monday, May 16, 2016

Install ifconfig in RHEL or CentOS

Depending on the OS version and which configuration you selected during installation, you might discover that ifconfig is not installed by default in your new RHEL or CentOS build. Unfortunately, searching yum might not tell you the name of the package you need to install. I'll save you some looking, the package you need is called "net-tools."

You can install net-tools with this command:
# yum -y install net-tools

Monday, May 9, 2016

List All Domain Controllers for a Given Domain Using PowerShell

PowerShell is an awesome way to gather a bunch of useful information about the system you're on or the domains you're connected to.

This useful command will list all of the Domain Controllers for the given domain. Make sure to replace <domain> with your domain.
> Get-ADDomainController -Filter * -server <domain> | Select-Object name, domain

Monday, May 2, 2016

Use PowerShell To Delete Files Older Than

So you have a machine with a bunch of old files that are just taking up space and you want to quickly and easily clear them all out? PowerShell to the rescue. This command will delete all files in the current directory that were created more than 30 days ago. You can change the number of days based on your needs.
> Get-ChildItem | Where-Object{$_.CreationTime –lt (Get-Date).AddDays(-30)} | Remove-Item


Want to clear out the current directory AND all subdirectories? Add the -Recurse flag after Get-ChildItem.
> Get-ChildItem -Recurse | Where-Object{$_.CreationTime –lt (Get-Date).AddDays(-30)} | Remove-Item


Want to suppress any "are you sure" prompts? Add the -Recurse flag after Remove-Item.
> Get-ChildItem -Recurse | Where-Object{$_.CreationTime –lt (Get-Date).AddDays(-30)} | Remove-Item -Recurse

Monday, April 25, 2016

Determine PowerShell Version

PowerShell Cmdlets and syntax will sometimes vary from version to version. Its nice to have an easy way to check what version of PowerShell is installed on a system.There are a couple of ways to to this:
> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      0      10586  122


Alternatively, you can also use the Get-Host command:
> (get-host).version

Major  Minor  Build  Revision
-----  -----  -----  --------
5      0      10586  122