Windows: What Group(s) Security Does My User Have

The Smart Panda - Windows

The Smart Panda - WindowsWindows Security – User Groups

So have you working in a windows environment and found yourself not able to access a specific directory because of windows security? Well I find many times when working on systems at clients that they have done some odd security things to their directory structures.  So the question becomes what groups does my user profile have access to so that I can determine what level of access I have to the directory(s) in question.

From the command line use this command:

gpresult /r

This will generate a extensive list of information but at the end it will show the “User Settings”

Smart Panda - gpresults command

Windows: Add An Network Drive from Command Line

Smart Panda - Network Drive

Smart Panda - Network DriveWindows Network Drive Mapping:

Every once and awhile you will be working away and with all the new protections in windows, you will have to run something as administrator. This is fine however, occassional that program you are running will require that you access a network drive. However, sometimes, you may not be able to access that network drive because of the privileges.  If the network drive is mapped as you the user, the administrator will not see the mapped drive that you have.

A nice and quick way to solve this problem is to map a network drive as the administrator.  To do this run the command line program (cmd) as administrator, which will give you the nice old fashion “DOS” window.  From here simply execute the command:

net use

This will list all the network drives that are mapped for the administrative user.  If you don’t see the drive you want add it:

net use {drive-letter} {unc-path}

so if you wanted the drive \\myserver\myshare to be mapped to the z: drive enter:

net use z: \\myserver\myshare


Smart Panda - IdeaIf you want to get fancy, you can add credentials and persistence with the following command:

net use {drive-letter} {unc-path} /user {user-name} {password} /P:Yes

 

Windows: Powershell Scripts are Disabled

Smart Panda Powershell

Smart Panda PowershellError: “File cannot be loaded because the execution of scripts is disabled on this system”.

Why I am using Powershell?  Oracle decided on the latest PeopleSoft Upgrade Management Images to change the methodology that they have been using since the beginning to a new method: “Powershell”.  So the very first system we try it on has a policy in place that won’t let us run powershell scripts that are untrusted.

With a couple of google searches we found that it is very easy to fix.  In the Powershell window execute the following command:

set-executionpolicy unrestricted

Now when you run the script you will find that you will be prompted to trust the script but once you trust the script you are good to go.

 

Happy Powershelling…..

Windows: Windows Firewall Tidbits

Smart Panda - Firewall Dude

Smart Panda - Firewall Dude

Windows Firewall

Over the years, protection has become increasingly more and more difficult to avoid.  It is everywhere, we have high end firewalls to let you, we have high end firewalls to let you out, we have firewalls within firewalls to protect other firewalls, and we also have firewalls on the servers themselves.  Sometimes you spend hours trying to figure out why something is not communicating to something else, and it turns out the good old Windows Firewall is causing your problem.  On the Unix Systems you may encounter firewall rules via the iptables security configuration, but that is another story.

A few weeks ago, while troubleshooting a connection issue, I found an article:  Top 10: Windows Firewall netsh commands and I was very pleased that I had. If you ever try to work through all the rules in Windows Firewall, you will be there awhile.

Tip #1: Turn off Windows Firewall – fastest way to determine if WFW is the problemSmart Panda - Idea

netsh advfirewall set allprofiles state on netsh advfirewall set allprofiles state off

Tip #2: Query Windows Firewall

netsh advfirewall firewall show rule name=all

Tip #3: Enable/Disable Ping

Disable: netsh advfirewall firewall add rule name=”All ICMP V4″ dir=in action=block protocol=icmpv4
Enable: netsh advfirewall firewall add rule name=”All ICMP V4″ dir=in action=allow protocol=icmpv4

Tip #4: Add/Remove a Specific Port Rule (i.e. For 1521 Oracle DB)

netsh advfirewall firewall add rule name=”Open Oracle DB Port 1521″ dir=in action=allow protocol=TCP localport=1521
netsh advfirewall firewall delete rule name=”Open Oracle DB Port 1521″ protocol=tcp localport=1521

Tip #5: Enable RDC Remote Desktop Connection

netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes

Tip #6: Export/Import Firewall Settings (Same Rules – Multiple Machines)

netsh advfirewall export “C:\WFW-configuration.wfw”
netsh advfirewall import “C:\WFW-configuration.wfw”

HTTP Port In Use Already

What do you mean the Web Server can’t start

httpsThere is nothing more fun then logging into your windows servers and there are more new patches to install to fix security problems and as per usual Windows must reboot.  I have Redhat servers that have never been rebooted but my Windows machines regularly have to rebooted just because.  Nothing frustrates me more as an administrator then rebooting servers, so many bad things can happen when you reboot.

For example on the weekend my servers were forced to restart and when they came back online my Web Server was down because the HTTP port was in use by another service.  This is odd because I didn’t install anything new however in my case it turned out to be the KDC proxy service that was installed when I did some changes to my remote desktop services.

In order to figure out what service was causing the problem in this case, there is a nice quick trick you can use to figure out what services rely on the HTTP and HTTPs ports.  From a command prompt if you issue the command:

net stop http

This will list out all the services that will be impacted when you execute this command.  In my case I don’t need the KDC proxy service to be running, so I shut down the service, and I was able to bring the WebLogic server online and my client was able to login to their environment from the web again.