Search

Friday, August 23, 2013

Windows update error 80072ee2

If you see this error during online Windows Microsoft update with red cross check for the "trusted sites" settings on Internet explorer whether URL's below added in the exceptions list or not ;
  1. http://*.update.microsoft.com
  2. https://*.update.microsoft.com
  3. http://download.windowsupdate.com
Furthermore, in my case, URL's were added but when I checked proxy settings I find out that it is enabled. After disabling proxy everything went fine.
Posted by at No comments:

Thursday, August 22, 2013

Cisco Nexus 1000V Switch for Microsoft Hyper-V

To download you have to sign in with your cisco ID;

http://software.cisco.com/download/release.html?mdfid=284786025&flowid=42792&softwareid=282088129&release=5.2(1)SM1(5.1)&relind=AVAILABLE&rellifecycle=&reltype=latest
Posted by at No comments:

Wednesday, August 21, 2013

Windows Server 2012 Hyper-V Security Features

Hyper-v vs vSphere on security wing;

http://windowsitpro.com/article/hyper-v-server/windows-server-2012-hyperv-security-features-144923
Posted by at No comments:

Monday, August 19, 2013

Basically monitoring port scan with SCOM

Hello,

I was thinking if monitoring port scan attacks with SCOM is possible and I have found a link to build a customized script for a unit monitor in SCOM.

Using the link
http://operatingquadrant.com/2009/08/13/scom-locallly-monitoring-a-listening-tcp-port/

I Customized the script and created a new unit monitor targeted to "windows computer" class. "a" here represents the number of "SYN_SENT" lines returned from netstat command. If "a" is less than 5 in 2 minutes interval (given as a parameter for scheduling of the monitor) monitor will raise an alert.

http://netsecurity.about.com/cs/hackertools/a/aa121303.htm will be helpful to understand why I used "SYN_SENT" for netstat. Of course more detailed monitor can be build where this script should be accepted as a starting point.

Here is the full script for the unit monitor;
-------------------------------------
Option Explicit
Dim nPortToCheck, scmd, sPortQryPath

Dim oAPI, oBag, oArgs, objshell, objExec, oStdOut, a
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()

Dim sLine, bl_Healthy, sMesg

sCmd = "netstat -ano"
set objShell = CreateObject("Wscript.shell")
set objExec = objShell.exec(sCmd)
set oStdOut = objExec.stdout

a=0

Do until oStdOut.AtEndofStream
sLine = ""
sLine = oStdOut.ReadLine
if instr(sLine, "SYN_SENT") > 0 and instr(sLine,":" & nPortToCheck) then
a=a+1
end if
loop

if a<5 then
sMesg = "no problem"
Call oBag.AddValue("Status","OK")

Else
sMesg = "Port scan alert"
Call oBag.AddValue("Status","Error")
End if

Call oBag.AddValue("Message",sMesg)
Call oAPI.Return(oBag)
set oBag = nothing
set oAPI = nothing
------------------------------------------

have a nice day! :)
Posted by at 1 comment:

Sunday, August 18, 2013

Automatically creating scheduled change request workflow with powershell using scsm authoring tool

Last week I got rid of creating windows update change requests every month for every product  in SCSM. Therefore I decided to create a workflow for automatically creating scheduled change requests using powershell.

We use templates for change requests in our SCSM environment.

According to our needs ;

- Filling areas left empty after standart change template applied which are activity implementer, CI's, parent CR child RA and MA descriptions, created by and most importantly planned start and end dates.
-Keeping this script in a  management pack (you will need SCSM authoring tool to create a scheduled workflow)
-Chance to able to enable and disable this workflow when needed

After a deep search in google we have found some usefull powershell codes and smlet commands below;

SCSM: Set Scheduled Start and End Date in Manual Activites of CR via Powershell: http://gallery.technet.microsoft.com/scriptcenter/SCSM-Set-Scheduled-Start-29ce12d3

apply template to change request object via powershell: http://social.technet.microsoft.com/Forums/systemcenter/en-US/7072bf58-e677-4329-bb40-996bd8052a24/apply-template-to-changerequest-object-via-powershell Creating recurring Change Requests: http://www.scsm.se/?p=239

Using SCSM to Automatically Create Work Items. Specifically: Change Requests!: http://www.netiviaconsulting.com/2012/05/08/using-scsm-to-automatically-create-work-items-specifically-change-requests/

and also Automatically Creating Incidents Periodically: http://blogs.technet.com/b/servicemanager/archive/2009/10/21/automatically-creating-incidents-periodically.aspx

Add a Implementer to Manual Activity via PowerShell: http://gallery.technet.microsoft.com/scriptcenter/SCSM-Add-a-Implementer-to-74443a8f

I have 1 RA and 2 MAs in my template therefore code is arranged according to our needs. After all combined and modified I got the powershell code below ;
--------------------------------------------
Import-Module Smlets

$CrClass = Get-SCSMClass |?{$_.name -eq "System.WorkItem.ChangeRequest"}

$o = ""

$Params = @{

ID="CR{0}"

Title = "your title"

Description = "your description"

Reason = "your reason"

ScheduledStartDate=[datetime]::utcnow

ScheduledEndDate=[datetime]::utcnow.AddHours(3)

Area = "Operations"

Priority = "Medium"

Impact = "Standard"

Risk = "Medium"



}
 $o = New-SCSMObject -Class $CrClass -PropertyHashtable $Params -pass




#-------adding description to standart change---------
$changeRequest = Get-SCSMObjectProjection System.WorkItem.ChangeRequestProjection -filter "Id -eq '$o'"

$template = Get-SCSMObjectTemplate Template.700f759a82014344bc0bb2b732e95b47 #(template ID got from custom template MP used)

$changeRequest.__base.ApplyTemplate($template)

$changeRequest.__base.Commit()



 
 #-------adding "created by user" to CR----------------
$CreatedByRelClass = Get-SCSMRelationshipClass System.WorkItemCreatedByUser

$ChangeReq = Get-SCSMObject $CrClass|?{$_.Id -eq $o}

$UserClass = Get-SCSMClass System.Domain.User

$CreatedByUser = Get-SCSMObject $UserClass|?{$_.UserName -eq "borgamentes"}

New-SCSMRelationshipObject -RelationShip $CreatedByRelClass -Source $ChangeReq -Target $CreatedByUser -Bulk



 
 #-------------adding description into RA------------------
$WIContainsRAActivityRel = Get-SCSMRelationshipClass -Name System.WorkItemContainsActivity

$AllCRActivities = Get-SCSMRelatedobject -SMObject $o -Relationship $WIContainsActivityRARel

$RActivities = $AllCRActivities | where {$_.ClassName -eq "System.WorkItem.Activity.reviewActivity"}

$RAdescription="SCSM update2"

$RAID=$RActivities.Id

Set-SCSMObject -SMObject (Get-SCSMObject (get-SCSMClass System.WorkItem.activity.reviewactivity) -Filter

"Id -eq $RAID") -Property 'Description' -Value $RAdescription


#-------------filling empty areas left in MA's------------------
$MActivities = $AllCRActivities | where {$_.ClassName -eq "System.WorkItem.Activity.manualActivity"}

$MAdescription1="SCSM MA1 update"

$MAdescription2="SCSM MA2 update"

$MAProp1 = @{

Description = "your description"

Area = "Software"

ScheduledStartDate=[datetime]::utcnow

ScheduledEndDate=[datetime]::utcnow.AddHours(3)

}
$MAProp2 = @{

Description = "your description"

Area = "Software"

ScheduledStartDate=[datetime]::utcnow

ScheduledEndDate=[datetime]::utcnow.AddHours(3)

}
$ActivityImpRelClass = Get-SCSMRelationshipClass System.WorkItemAssignedToUser

$MAUserClass = Get-SCSMClass System.Domain.User

$MAActivityImplementer = Get-SCSMObject $MAUserClass|?{$_.UserName -eq "borgamentes"}

New-SCSMRelationshipObject -RelationShip $ActivityImpRelClass -Source $MActivities[0] -Target $MAActivityImplementer -Bulk

New-SCSMRelationshipObject -RelationShip $ActivityImpRelClass -Source $MActivities[1] -Target $MAActivityImplementer -Bulk

$configItem= get-SCSMRelationshipClass System.WorkItemAboutConfigItem

$computerclass = Get-SCSMClass |?{$_.Name -eq "Microsoft.windows.computer"}

$computername1 = Get-SCSMObject $computerclass|?{$_.PrincipalName -eq "fqdn of the first CI"}

$computername2 = Get-SCSMObject $computerclass|?{$_.PrincipalName -eq "fqdn of the second CI"}

$computername3 = Get-SCSMObject $computerclass|?{$_.PrincipalName -eq "fqdn of the third CI"}

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[0] -Target $computername1 -Bulk

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[0] -Target $computername2 -Bulk

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[0] -Target $computername3 -Bulk

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[1] -Target $computername1 -Bulk

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[1] -Target $computername2 -Bulk

New-SCSMRelationshipObject -RelationShip $configItem -Source $MActivities[1] -Target $computername3 -Bulk

$MAID1=$MActivities[0]

Set-SCSMObject -SMObject (Get-SCSMObject (get-SCSMClass System.WorkItem.activity.manualactivity) -Filter "Id -eq $MAID1") -PropertyHashtable $MAProp1 -pass

$MAID2=$MActivities[1]

Set-SCSMObject -SMObject (Get-SCSMObject (get-SCSMClass System.WorkItem.activity.manualactivity) -Filter "Id -eq $MAID2") -PropertyHashtable $MAProp2 -pass



 
remove-module smlets

---------------------------------------------


When you try to run the script from powershell command windows you will see its working fine but to run it through a custom MP you have to modify your custom template MP.
For RA;
<Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Id$">RA{0}</Property>

and for MA's ;
<Property Path="$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Id$">MA{0}</Property>

Then you can save your project in SCSM Authoring tool.  Still the work is not competed. Final step is to copy both the .DLL authoring tool and MP created to SCSM installation directory and import it.

All done! :)
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)