Hey Everyone,
A while back I needed a way to easily look up group or user SIDs for AD users. I needed to do this in a repetitive way where I could look up individual SIDs over and over and just keep a PowerShell window open on the side, so when I wanted to do it I could literally just paste in the username and hit Enter and then boom, here's your SID!
I knocked up this script within about 20 mins that allows me to do it without having to remember any commands or import any PowerShell modules.
It was handy for me a while back when I was working on a project, so maybe it will be useful for someone else too.
EASYGETSID - An easy to use script to look up users or group SID's from AD
How to move SQL database files (MDF and LDF) to another location
Pre-requisites
In case a database is being used by any Windows services or other resources, these must be stopped in order to allow altering SQL database files. Also, any existing connections to a database must be closed. Before the first step, make sure to locate the appropriate MDF and LDF files for a database you want to work with. By default, these names are in the following format:
- Database_name_Data.mdf – for MDF file
- Database_name_log.ldf – for LDF file
This format is not mandatory, so make sure you are targeting the correct files.
Moving database files to another location
- Run the following SQL script to set a new location for SQL database files:
ALTER DATABASE AdventureWorks2014
MODIFY FILE ( NAME = AdventureWorks2014_Data,
FILENAME = 'E:\New_location\AdventureWorks2014_Data.mdf');
GO
ALTER DATABASE AdventureWorks2014
MODIFY FILE ( NAME = AdventureWorks2014_Log,
FILENAME = 'E:\New_location\AdventureWorks2014_Log.ldf');
GO
The New_location is a folder created on a separate drive (in this specific case, we will change from the default C drive to the E drive on a local machine) with sufficient disk space for SQL database files. The specified folder must be created first so that it can be used as the new location for SQL database files in the above SQL statement.
- Run the following SQL script to take a SQL database offline:
ALTER DATABASE AdventureWorks2014 SET OFFLINE;
GO
This is important in order to perform the next step. If a database is being used by any application, this step cannot be accomplished, unless all connections to a database are closed.
- Move the MDF and LDF files of the specific SQL database to the new location specified in the statement above. This simply means cutting the files from the existing location and moving them to the newly specified one.
Important note: Make sure that SQL Server can access the specified location. Otherwise, the following error will appear:
Msg 5120, Level 16, State 101, Line 13
Unable to open the physical file “E:\New_location\AdventureWorks2014_Data.mdf”. Operating system error 5: “5(Access is denied.)”.
To fix this:
- Start SQL Server Configuration Manager
- Right-click the SQL Server instance that hosts the database whose files were moved to the new location and choose the Properties option from the drop-down list.
Instead of the current account, switch to the one that has access to the drive where the files were moved.
- Once this is done, the database can be brought back online by running the following query:
ALTER DATABASE AdventureWorks2014 SET ONLINE;
GO
- To verify that the process finished successfully, run the following query:
SELECT name, physical_name AS NewLocation, state_desc AS OnlineStatus
FROM sys.master_files
WHERE database_id = DB_ID(N'AdventureWorks2014')
GO
This should give the following result:
Once this is done, a SQL database will be hosted on a drive with sufficient free space and the user can continue using it.
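The whole procedure above as one script, added here as an example and not taken from the sqlshack article. Instead of switching the service account, it grants the engine's per-service SID rights on the new folder before the move, so the service keeps its existing account. It assumes an elevated session, a default local instance (service SID NT SERVICE\MSSQLSERVER), and the SqlServer module for Invoke-Sqlcmd; Invoke-Sql is a hypothetical helper name.

```powershell
# Added example. Assumptions: elevated session, default local instance,
# SqlServer module installed, no open connections to the database.
$ErrorActionPreference = 'Stop'
$Instance   = 'localhost'
$Database   = 'AdventureWorks2014'
$NewDir     = 'E:\New_location'
$ServiceSid = 'NT SERVICE\MSSQLSERVER'   # named instance: NT SERVICE\MSSQL$<name>

function Invoke-Sql([string]$Query) {
    # Hypothetical helper; add the connection options your environment needs.
    Invoke-Sqlcmd -ServerInstance $Instance -Database master -Query $Query
}

# 1. Create the folder and grant the service SID full control, inherited by
#    files and subfolders, so the "Access is denied" (Msg 5120) case never occurs.
New-Item -ItemType Directory -Path $NewDir -Force | Out-Null
icacls $NewDir /grant "${ServiceSid}:(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not update the ACL on $NewDir" }

# 2. Capture the current paths first; after MODIFY FILE the catalog shows the new ones.
$files = @(Invoke-Sql "SELECT name, physical_name FROM sys.master_files WHERE database_id = DB_ID(N'$Database');")
if ($files.Count -eq 0) { throw "No files found for database $Database" }

# 3. Point each logical file at the new folder, keeping its file name.
foreach ($f in $files) {
    $target = Join-Path $NewDir (Split-Path $f.physical_name -Leaf)
    Invoke-Sql "ALTER DATABASE [$Database] MODIFY FILE (NAME = [$($f.name)], FILENAME = N'$target');"
}

# 4. Take the database offline, move the files, bring it back online.
Invoke-Sql "ALTER DATABASE [$Database] SET OFFLINE;"
foreach ($f in $files) { Move-Item -LiteralPath $f.physical_name -Destination $NewDir }
Invoke-Sql "ALTER DATABASE [$Database] SET ONLINE;"

# 5. Verify: every file must be ONLINE and located under the new folder.
$check = @(Invoke-Sql "SELECT name, physical_name, state_desc FROM sys.master_files WHERE database_id = DB_ID(N'$Database');")
$bad = $check | Where-Object {
    $_.state_desc -ne 'ONLINE' -or
    -not $_.physical_name.StartsWith($NewDir, [StringComparison]::OrdinalIgnoreCase)
}
if ($bad) { throw "Move did not complete cleanly for: $($bad.name -join ', ')" }
$check | Format-Table name, physical_name, state_desc
```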
From <https://www.sqlshack.com/move-sql-database-files-mdf-ldf-another-location/>
Created with OneNote.
Could not locate file 'mydatabase' for database 'mydatabase' in sys.database_files. The file either does not exist, or was dropped
18 October 2022
02:54
dbcc shrinkfile('mydatabase',113311) fails with the following error:
Could not locate file 'mydatabase' for database 'mydatabase' in sys.database_files. The file either does not exist, or was dropped
I managed to resolve it by renaming the logical name of the log file:
USE [clientdatabase];
ALTER DATABASE clientdatabase MODIFY FILE
(NAME = clientdatabase_log, NEWNAME = clientdatabase_log_1);
Running the script
USE [clientTdatawarehouse]
GO
DBCC SHRINKFILE (clientTDataWarehouse_log_1, 1024)
GO
Turn On or Off Aero Shake for Current User using a REG file
The downloadable .reg files below will add and modify the DWORD values in the registry keys below.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
DisallowShaking DWORD
0 = Enable
1 = Disable
From <https://www.tenforums.com/tutorials/4417-how-enable-disable-aero-shake-windows-10-a.html>
MsiExec cheat sheet
MsiExec.exe Command-Line Parameters
InstallShield 2019
MsiExec.exe is the executable program of the Windows Installer used to interpret installation packages and install products on target systems. After you build your release, you can install your Windows Installer package (.msi) from the command line.
Your Windows Installer package can be accessed from the folder that contains your built release. The default location is as follows:
C:\InstallShield 2019 Projects\ProjectName\ReleaseName\DiskImages\Disk1\ProductName.msi
After building a release of your product, you can install it from the command line:
msiexec /i "C:\InstallShield 2019 Projects\ProjectName\ReleaseName\DiskImages\Disk1\ProductName.msi"
The table below provides a detailed description of MsiExec.exe command-line parameters.
Parameter | Description |
/i <package> or <product code> | Use this format to install the product Othello: msiexec /i "C:\InstallShield 2019 Projects\Othello\Trial Version\Release\DiskImages\Disk1\Othello Beta.msi" Product Code refers to the GUID that is automatically generated in the Product Code property of your product’s project view. |
Wget in powershell
Basic Usage
At its most basic, the Invoke-WebRequest cmdlet sends an HTTP request method to an endpoint such as a URI or URL. The cmdlet supports all of the common request methods.
By far, the most common method is the GET method. This method reads information, such as the content of a website or the result of querying a REST API. The method is defined by using the Method parameter. Since we need an endpoint to query, we’ll also need a URI. To keep this easy, I’ll pick any website. To shamelessly promote TechSnips, I’ll choose techsnips.io.
Let’s say I want to get a listing of all of the latest published videos as shown below.
Example webpage
I can get an HTML representation of this page by running Invoke-WebRequest -Uri 'https://techsnips.io' -Method GET. When I do this, Invoke-WebRequest downloads the entire web page and returns an output with various parsed information around the elements of the page.
Invoke-WebRequest response
To get the videos, I’ll need to do some digging. When I look at the links property I see a commonality that all of the video links have a class of ng-binding as shown below.
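# Store the response first so its Links property can be filtered
$result = Invoke-WebRequest -Uri 'https://techsnips.io' -Method GET
$result.Links | where {$_.class -eq 'ng-binding'}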
Once I know this, I can then find all of those elements and only return the innerHTML property and voila!
$result.Links | where {$_.class -eq 'ng-binding'} | Select-Object innerHtml
Downloading Files with Invoke-WebRequest
We can also use Invoke-WebRequest to download files from the web as well and it’s really easy! We can download files by simply pointing Invoke-WebRequest at a URI of a file and using the OutFile parameter to tell the cmdlet to save the file to local disk.
As an example, below I’m downloading the SysInternals Handle utility and expanding the zip file once downloaded. It’s really that easy!
Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/Handle.zip' -OutFile C:\handle.zip
Expand-Archive -Path C:\handle.zip
Submitting a Form and Working with Sessions
We can use Invoke-WebRequest to also fill forms. To do this though, we commonly need to work with web sessions. HTTP is a naturally stateless protocol and your browser (in this case PowerShell) must be able to create a session which will be used to track things like cookies, for example. A common form is a login/password form so let’s login to a fictional website!
Let’s say our fictional login form is at the URL http://somewebsite.com. We’d first need to run Invoke-WebRequest to download the HTML structure and create a session.
$response = Invoke-WebRequest -Uri 'http://somewebsite.com' -SessionVariable rb
Once we do this, the response will have a Forms property we can then populate with a username and password. In this case, the username is represented by a field called user and the password should be in a field called password. This will depend on the webpage.
$form = $response.Forms[0]
$form.Fields["user"] = "username"
$form.Fields["password"] = "password"
Once the form has been populated, we can then use Invoke-WebRequest again but this time re-use the session we just created and automatically figure out the URI to send it to by reading the Action property that’s on the form as shown below.
# -Body sends the populated fields; without it the POST carries no form data
$response = Invoke-WebRequest -Uri $form.Action -WebSession $rb -Method POST -Body $form.Fields
If you’ve got all of the appropriate field names right and the webpage isn’t doing anything fancy, you should be logged in with the username and password inside of the $rb web session. At this point, you can read various pages behind that authentication if you use the $rb web session variable.
Resolving Short URIs
Finally, another great use of Invoke-WebRequest is resolving short URIs. Perhaps you need to know what’s behind that shortened URL but don’t want to click on it to find out! No problem. Using Invoke-WebRequest, we can read the AbsoluteUri property from the parsed response it gives us!
Notice below I’m also using the UseBasicParsing parameter. By default, Invoke-WebRequest tries to use Internet Explorer (IE) to parse the HTML returned. This doesn’t work on systems without IE. To get around that, we can use the UseBasicParsing parameter to still download the content but only lightly parse it.
$Url = 'buff.ly/2sWvPOH'
$Web = Invoke-WebRequest -Uri $Url -UseBasicParsing
$Web.BaseResponse.ResponseUri.AbsoluteUri
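The snippet above follows every redirect and downloads the final page. As an added example (not from the original article), the function below walks the redirect chain one hop at a time with HEAD requests and automatic redirects disabled, so each intermediate hop is visible and no page body is fetched. Resolve-RedirectChain is a hypothetical name, and prepending https:// to a bare host is an assumption.

```powershell
# Added example: inspect a short link hop by hop without rendering anything.
Add-Type -AssemblyName System.Net.Http

function Resolve-RedirectChain {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$MaxHops = 10                      # stop on redirect loops
    )
    # Assumption: a bare host such as 'buff.ly/...' is tried over https.
    if ($Url -notmatch '^[a-z][a-z0-9+.-]*://') { $Url = "https://$Url" }

    $handler = [System.Net.Http.HttpClientHandler]::new()
    $handler.AllowAutoRedirect = $false         # we follow each hop ourselves
    $client = [System.Net.Http.HttpClient]::new($handler)
    $client.Timeout = [TimeSpan]::FromSeconds(10)
    try {
        $current = [Uri]$Url
        for ($hop = 0; $hop -le $MaxHops; $hop++) {
            $req  = [System.Net.Http.HttpRequestMessage]::new(
                        [System.Net.Http.HttpMethod]::Head, $current)
            $resp = $client.SendAsync($req).GetAwaiter().GetResult()
            $status   = [int]$resp.StatusCode
            $location = $resp.Headers.Location
            $resp.Dispose()

            # Emit one record per hop: where we asked, what came back.
            [pscustomobject]@{ Hop = $hop; Status = $status; Uri = $current.AbsoluteUri }

            # Anything other than a 3xx with a Location header ends the chain.
            if ($status -lt 300 -or $status -ge 400 -or -not $location) { return }
            if (-not $location.IsAbsoluteUri) { $location = [Uri]::new($current, $location) }
            if ($location.Scheme -notin 'http', 'https') {
                Write-Warning "Redirect to non-HTTP scheme not followed: $location"
                return
            }
            $current = $location
        }
        Write-Warning "Stopped after $MaxHops redirects; last target: $current"
    }
    finally { $client.Dispose() }
}

Resolve-RedirectChain -Url 'buff.ly/2sWvPOH' | Format-Table -AutoSize
```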
Summary
The Invoke-WebRequest cmdlet is one of the most versatile cmdlets that come with PowerShell. If there’s an action that can be performed via a typical graphical browser, the Invoke-WebRequest cmdlet can do it too. You can find an example of using this cmdlet by taking a look at this article on monitoring REST APIs.
Force BSOD
NotMyFault v4.20
Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems. The download file includes 32-bit and 64-bit versions, as well as a command-line version that works on Nano Server. Chapter 7 in Windows Internals uses Notmyfault to demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples.
Usage
You can use the GUI versions or the command-line version. Notmyfault requires administrative privileges.
Usage:
notmyfaultc.exe crash crash_type_num
crash type:
0x01: High IRQL fault (Kernel-mode)
0x02: Buffer overflow
0x03: Code overwrite
0x04: Stack trash
0x05: High IRQL fault (User-mode)
0x06: Stack overflow
0x07: Hardcoded breakpoint
0x08: Double Free
Or notmyfaultc.exe hang hang_type_num
hang type:
0x01: Hang with IRP
0x02: Hang with DPC
From <https://docs.microsoft.com/en-us/sysinternals/downloads/notmyfault>