Scripts
Windows Active Directory DCpromo answer file
Mar 4th
The following example will help you quickly provision an Active Directory domain in a VM or other lab environment. With an answer file, the provisioning of the domain controller is controlled and can be reproduced the same way every time. Copy the text below into a new text file named ad.txt.
[DCInstall]
AdministratorPassword =P@SSWORD1
CreateOrJoin = Create
DomainNetBiosName = 70-296
NewDomainDNSName = 70-296.net
RebootOnSuccess = Yes
ReplicaOrNewDomain = Domain
SiteName = "Default-First-Site"
InstallDNS=yes
ConfirmGc=Yes
TreeOrChild = Tree
UserName=Administrator
Password=P@SSWORD1
Review the local administrator password and open a cmd shell on your Windows Server. Run dcpromo /answer:ad.txt. In the example answer file I automatically install the DNS server; make sure the Windows Server source CD-ROM is available locally or in a CD drive.
For more options go to http://support.microsoft.com/kb/223757/en-us or http://www.petri.co.il/unattended_installation_of_active_directory.htm.
After the reboot I log on with the Domain Administrator account and verify the installation with the ADUC (dsa.msc) console.
The Active Directory domain was successfully installed. Using the answer file I am able to redo my lab environments and prepare myself for production deployments.
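An added example, not part of the original post: a small Python check to run over ad.txt before keeping it with other lab scripts. It flags the credential keys the answer file stores in clear text and curly quotes picked up when copying text from a web page, and produces a copy with the passwords replaced. The sample file contents, the CHANGE_ME placeholder and the function names are assumptions made for this illustration.

```python
import configparser

# Credential keys used in the answer file above (compared case-insensitively).
SECRET_KEYS = ("administratorpassword", "password")
PLACEHOLDER = "CHANGE_ME"   # assumed marker for a scrubbed value
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

# Constructed sample in the same layout as ad.txt; all values are made up.
SAMPLE = """[DCInstall]
AdministratorPassword =ExamplePass1
CreateOrJoin = Create
NewDomainDNSName = lab.example
SiteName = \u201cDefault-First-Site\u201d
UserName=Administrator
Password=ExamplePass1
"""

def audit(text):
    """Return findings for the [DCInstall] section of an answer file."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' stays literal
    cp.read_string(text)            # option names are lower-cased by default
    if not cp.has_section("DCInstall"):
        return ["no [DCInstall] section"]
    findings = []
    for key, value in cp["DCInstall"].items():
        if key in SECRET_KEYS and value and value != PLACEHOLDER:
            findings.append("clear-text credential: " + key)
        if any(ch in value for ch in SMART_QUOTES):
            findings.append("curly quotes in value: " + key)
    return findings

def redact(text):
    """Return the file with credential values replaced by PLACEHOLDER."""
    out = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        if sep and key.strip().lower() in SECRET_KEYS:
            line = key.strip() + "=" + PLACEHOLDER
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(redact(SAMPLE), end="")
```

Keep the redacted copy with the lab scripts and fill in the real passwords only in the working copy handed to dcpromo.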
Install Windows Server 2003 DHCP Server Service with Script
Jan 19th
Running the VMNet8 NAT network in VMware Workstation does not give me granular control over how the DHCP server deals with the different DHCP clients and options I want to see in my lab environment. As a sysadmin I like to script things and re-use the code the next time I need it.
How to install the DHCP service from script?
- Create new file named c:\dhcp_server.txt
[NetOptionalComponents]
DHCPServer =1
- Save the file and open a cmd box.
- Execute sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\dhcp_server.txt
For additional components, go here.
XML Report of Windows EventViewer Security EventID 529
Jul 4th
The following LogParser.exe command queries the Windows NT Security log for EventID 529 and writes the data to %computername%_security_logons_failed_529.xml.
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Username, EXTRACT_TOKEN(Strings, 3, '|') AS LogonType, EXTRACT_TOKEN(Strings, 4, '|') AS LogonProcess, EXTRACT_TOKEN(Strings, 11, '|') AS Source INTO %computername%_security_logons_failed_529.xml FROM Security WHERE EventID = 529"
Analyze your scan log files
Jun 18th
As IT security pros we often scan many different networks and use different commands to perform the job. At the end we have dozens of log files that we need to analyze.
A couple of days ago I installed a nice tool developed by Microsoft called LogParser. It has some neat features for querying different data sources.
I played with it and came up with some nice command lines.
Put all your logs into the C:\Scans\ directory and make sure they all have the same extension, e.g. .log or .txt. Go to CMD and paste the following command line:
C:\Tools\LogParser2.2>LogParser.exe -i:textline "select text from C:\Scans\*.log where text like '%VUL%'" -o:CSV


