Posts

Where’s my enabled Users?

I’m going through and fine-tuning our Proofpoint Spam solution and noticed one of the filters needs to be updated. This filter finds users in ADUC and does a push to our Spam Solution out on the internets. This filter should have an end result that finds active mail enabled users.




Filter:
(&(msExchHomeServerName=*)(!(objectclass=contact))(!(objectclass=group))(!(cn=systemmailbox*))(!(cn=healthmailbox*)))

See the problem? It’s grabbing all users. Because we have thousands and thousands of disabled AD objects (I have no control over this), this is altering our number of users in the system. To correct this we needed to query on something in AD that would filter out disabled users.

Instead of giving you the answer right away I am going to show you my thought process. First thing was to figure out the attributes I could query off. I need to do a Get-Adobject but first need my DN to run that command. So I run:

Get-AdUser -Identity keith.smith


To get the DN I just …

Find logged on Users

Today I got asked to figure out what servers our team members are logged into. What better way than to write up a PowerShell script that runs every morning and shoots us an email. This process also helps out with the question "WHAT SERVER IS LOCKING OUT MY ACCOUNT!". I do have another PowerShell script that checks the PDC Emulator's security logs for that, but that will be in a future post.






The script is a little long to explain so I'm just going to post it. I can't remember where I got the html section from. It's freak'n ugly (I'm not an html programmer), but works. Just go through and change the usernames you want to check for and the smtp settings at the bottom of the script. Also, you will need to have psloggedon.exe from....




https://technet.microsoft.com/en-us/sysinternals/psloggedon.aspx


Just make sure the exe is in your system32 dir.









CLS<# .NOTES -------------------------------------------------------------------------------- Code generated…

Citrix - Jabber 10.5 - Data is not in ICO format

Got a request today to publish out Cisco Jabber 10.5 in my XenApp 6.5 environment. While publishing it out, it errors on the icon having issues. Below is a screenshot of the error. I have seen this happen in the past with Firefox too.



So what's the fix you ask?

Apply the following Hotfix for XenApp 6.5 (CTX137747)

Hotfix DSCXAMx650W006 - For Citrix XenApp 6.5 AppCenter - English

And for the people that are on XenApp 6.0 (CTX139340): http://support.citrix.com/article/CTX139340

Worse than HeartBleed? CVE-2014-6271

CVE-2014-6271

Overview
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service


Information taken from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-62…

Citrix XenApp - Automate Discovery

I am in the process of building out a new XenApp environment for a customer, and was thinking... "It would be so nice to automate the 'Configure and run discovery' settings". So how do you accomplish this? I know my service desk would appreciate it!

The answer is a custom "MMC". Below are the steps to accomplish this.

Part 1: Create the custom MMC

 Open up a 32bit MMC console (universally will work better and create less stress)
 On 32 bit OS run "mmc"
 On 64 bit OS run "mmc /32"

 Click File > Add/Remove Snap-in...

 Select the console you are going to push out to your users and add it to the "Selected snap-ins" (In my case it is going to be AppCenter)

 Right Click on "XenApp"
 Select "Configure and run discovery"

 Select the "Skip this screen in the future" box
 Click Next

 Click on Add
 For the server, I am going to pick my two XenApp Controllers
 Depending on your setup, and where you are publishing this, you wil…

The group policy service failed the logon. Access is denied.

This morning, I had a brand new user log into a Citrix XenApp 6.0 environment. When launching applications, they received the following error message.
"The group policy service failed the logon. Access is denied."
Quick and easy fix for this one is to delete the user's profile. User can now log in and launch applications. Issue resolved!

NetScaler - Gateway vServer- Dropping packets from a specific Source

While talking with a citrixirc colleague, the question was brought up... "Is there a way to block 1 client from a vserver at the NetScaler level?"
The answer is "Yes". I am sure there are multiple ways to do this. I personally would use a "Responder Policy".
If you want to learn more about Citrix Responder Policies you can check out support.citrix.com. http://support.citrix.com/proddocs/topic/netscaler-responder-93/ns-resp-act-poli-examples-tsk.html
Setting up a Responder Policy to drop a client

 Open up the GUI and go to "NetScaler Gateway > Virtual Servers"
 Open the vServer you would like to add the Responder Policy to.
 Click on the "Policies" tab
 Then click on the Responder button
 Click on Insert Policy at the bottom
 Then click on "New Policy..."

Create the following Responder Policy
 Name: rpol-%youpickaname%
 You can use whichever naming convention you would l…