How to run PowerShell cmdlets on remote servers

The Invoke-Command and New-PSSession PowerShell cmdlets can make it easier for admins to manage a number of remote servers.

PowerShell is a powerful command-line environment that can be used to manage and maintain Windows. While it is easy to think of PowerShell as a local management tool, it can also be used to manage remote servers. In fact, admins can create PowerShell scripts that perform management tasks against large numbers of servers. And the Invoke-Command and New-PSSession commands are two ways to execute PowerShell cmdlets on remote systems.

Invoke-Command

If you only need to run a single cmdlet (or a series of piped cmdlets) against one or more remote servers, the easiest way to do so is to use the Invoke-Command cmdlet. Microsoft'sdocumentation for this cmdlet lists an overwhelming number of parameters and syntax variations, leading to the Invoke-Command cmdlet's reputation for being excessively complex. Even so, using Invoke-Command to run a cmdlet on a remote system is surprisingly easy.

For basic remote cmdlet execution, you only need to supply the name of the remote computer and the block of code that you want to execute. Suppose you wanted to run the Get-VM cmdlet on a remote server named Production1. You could do so by using this command:

Invoke-Command –ComputerName Production1 {Get-VM}

While this seems simple, there are a few things that you need to know about this method.

First, the Invoke-Command cmdlet does not limit you to executing a cmdlet on a single remote system. You can run a cmdlet on multiple computers. All you have to do is separate the computer names with a comma. For instance, to run this command on Production1, Production2 and Production3, the command would look like this:

Invoke-Command –ComputerName Production1, Production2, Production3 {Get-VM}

The second thing you need to know about this method is that even though it is designed to make it easy to run a single command against a remote system, you can run multiple commands. If you look at the previous line of code, you will notice that Get-VM, which is the command that is being run against the remote systems, is enclosed in braces. Anything within those braces will run on the specified remote computers. As such, you can link cmdlets together using the pipe symbol so long as all of the commands are enclosed in braces.

The third thing you need to know is that the syntax shown above only works if Kerberos authentication is being used and all of the computers, including the one on which the command is being typed, are domain-joined. Otherwise, you will have to make use of the HTTPS transport and will have to designate the remote systems as trusted hosts.

New-PSSession

The New-PSSession is commonly used to execute commands on remote systems. While Invoke-Command is designed to run a single command (or string of commands) on a remote system, New-PSSession actually redirects PowerShell to the remote server. In essence, any command that you type is automatically sent to and executed on the remote machine.

Like the Invoke-Command cmdlet, there are a number of different variations of the New-PSSession cmdlet. You can find Microsoft's documentation for this cmdlet here.

At its simplest, this cmdlet requires only that you provide the name of the remote computer. For example, if you want to establish a session with a computer named Production1, you could use this command:

New-PSSession –ComputerName Production1

This command establishes a session with the specified computer, but it doesn't automatically redirect PowerShell so any commands you type are executed on the remote system. The reason for this is that Microsoft doesn't limit you to using only one remote session. You may need to establish remote sessions with a number of different servers. As such, entering the command listed above establishes a session and PowerShell provides confirmation of the session and lists a session ID number, but that's about it.

If you want to use the remote session then you will have to make use of another PowerShell cmdlet named Enter-PSSession. Simply append the session number you want to connect to. For example, if the New-PSSession cmdlet lists 1 as the session ID for the connection to Production1, then you could enter that session by using the following command:

Enter-PSSession 1

When you use this command, you will see the PowerShell prompt change to reflect the name of the remote system. That way you can easily keep track of which system you are sending commands to.

Once again, you will need to make sure that Kerberos authentication is being used and that both systems are domain joined. Otherwise, you will have to jump through a few extra hoops in order to establish a remote session.

As you can see, PowerShell makes it easy to execute commands against remote servers. This is especially true if all of the servers and your workstation belong to a common domain.

Courtesy: Brien Posey

Three mobile security threats IT should know

When it comes to mobile security threats, IT has more to deal with than just risky, malicious apps.

Malware outbreaks might make for fantastic headlines, but mobile malware is just one of several mobile security threats IT must confront.

Lost or stolen devices and misconfigured or snoopy applications represent the majority of mobile device breaches. Still, this doesn't mean enterprises should ignore mobile malware. Assessing all three of the following threat trends can help you take a risk-based approach to safeguarding corporate-provided or employee-owned mobile devices in the enterprise.

Device loss and theft

Smartphones and tablets are easy prey for snatch-and-grab criminals, and many more mobile devices simply go missing. With pervasive mobility, device loss and theft rates continue to grow, escalating the associated risk to any business data stored on those devices. According toVerizon's latest Data Breach Investigations Report, 15.3% of all data breach incidents are now reportedly due to physical theft or loss -- including that of mobile devices.

Fortunately, fundamental measures are readily available on all mobile platforms to counter this threat. For example, Google Android 5.0 finally mandates hardware support for stored data encryption, although users can still disable this essential safeguard. Apple iOS 7 introduced a kill switch to render stolen iPhones and iPads worthless. In iOS 8, Activation Lock is enabled by default, strengthening out-of-the-box defenses against data breaches due to device loss or theft.

Leaky apps on the rise

The majority of mobile security breaches through 2017 will be the result of mobile app misconfigurations, rather than explicit attacks on devices, according to Gartner Inc. For example, many mobile apps auto-synchronize data with personal cloud services, such as Apple iCloud or Microsoft OneDrive. Unless IT blocks this syncing, or even bans those kinds of cloud services, these apps can easily leak enterprise data to public clouds unbeknownst to employees or employers.

In addition, a growing number of mobile apps request permissions and gather data they simply don't need. Many of the free apps in Google Playcontain adware, software that endangers privacy by capturing information, such as device-unique IDs, location, contacts and more. Most often hidden within personalization or gaming apps, even relatively benign adware can slow down a mobile device, trigger accidental Web requests and leak personal or enterprise data.

Enterprises can take various steps to mitigate this threat. IT can disable the installation of repackaged apps from unauthorized app stores and should make sure to assess the reputation of mobile apps used for business. Another way to isolate enterprise data is by using containerized apps or storage. It may be impossible to prevent all leaky apps, but enterprises can use careful app management to control the flow of business data between mobile apps and across mobile networks.

Mobile malware isn't just for Android

Over the past few years, malware writers have largely focused on Android because it is the top-selling mobile OS worldwide and the dominant OS on personal smartphones. However, as employees increasingly use mobile devices for business, criminals are likely to refocus on malware aimed at enterprise assets.

According to San Francisco-based cyber security analysis firm Lookout Inc., today's Android security threats consist of increasingly more sophisticated malware attacks and OS exploits that compromise devices and networks. To make matters worse, many Android devices run older versions of Android that are vulnerable to Android Open Source Project browser or MasterKey exploits that give criminals free reign over compromised devices.

Many enterprises consider iOS immune to malware, but this is simply untrue. For example, Lookout reports that WireLurker and XAgent "surveillanceware" are exploiting enterprise app provisioning methods and installing malware on iPhones and iPads, bypassing Apple's tightly curated App Store. In addition, iOS malware has long targeted jailbroken devices, which install bad apps from alternative sources, such as the Cydia directory.

Even if mobile malware isn't yet a major concern for enterprises, a few basic countermeasures can go a long way. Disabling sideloading of Android apps, monitoring and quarantining jailbroken or rooted devices, establishing minimum OS versions, and keeping devices and apps up-to-date can deter most of today's mobile malware threats. And that will establish a solid foundation for addressing emerging threats that will no doubt follow tomorrow.

Courtesy: Lisa Phifer

Apache Web Server

Apache is actually "a PATCHy server". It was based on some existing code and a series of  "patch files" made to original NCSA server. For many people this name brings the same meaning / feeling / spirit of the Native American Indian tribe of Apache, well-known for their superior skills in warfare strategy and inexhaustible endurance. Apache is HTTP 1.1 Compliant, open-source web server that is widely used. 

Apache is probably the most popular Linux-based Web server application in use. Once you have DNS correctly setup and your server has access to the Internet, you'll need to configure Apache to accept surfers wanting to access your Web site.

Managing Apache's httpd daemon is easy to do, but the procedure differs between Linux distributions. Here are some things to keep in mind.

Firstly, different Linux distributions use different daemon management systems. Each system has its own set of commands to do similar operations. Secondly, the daemon name needs to be known.

General Configuration Steps

The configuration file used by Apache is /etc/httpd/conf/httpd.conf in Redhat / Fedora distributions and /etc/apache*/httpd.conf in Debian / Ubuntu distributions. As for most Linux applications, you must restart Apache before changes to this configuration file take effect. The file is divided into three main sections.

1. Global Environment

2. Main configuration

3. Virtual Host Configuration

In Section 1, only the directive Listen needs to be set. This tells the Apache server, on which IP and port to listen for HTTP requests.

Listen 80

or

Listen 192.168.1.254:80

We can also make it listen on any port other than 80. 

In Section 2, set the ServerName and DocumentRoot directives. ServerName would be the name which will be used generally to access your server, i.e. www.mydomain.com. Set DocumentRoot directive to the path where the web pages of your main website reside. Similarly your VirtualHost configurations in Section 3 will have the DocumentRoot directive set to the directories containing web content relating to respective sites.

ServerName www.mydomain.com

DocumentRoot /var/www/html

By default, Apache expects to find all its web page files in the /var/www/html/ directory with a generic DocumentRoot statement at the beginning of httpd.conf :

<Directory "/var/www/html">

Options Indexes FollowSymLinks

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Try starting your web server now by:

/etc/rc.d/init.d/httpd start

File Permissions and Apache

Apache will display Web page files as long as they are world readable. You have to make sure you make all the files and subdirectories in your DocumentRoot have the correct permissions.

It is a good idea to have the files owned by a non privileged user so that Web developers can update the files using FTP or SCP without requiring the root password.

To do this:

1.     Create a user with a home directory of /home/www.

2.     Recursively change the file ownership permissions of the /home/www directory and all its subdirectories.

3.     Change the permissions on the /home/www directory to 755, which allows all users, including the Apache's httpd daemon, to read the files inside.

useradd -g users www

chown -R www:users /home/www

     chmod 755 /home/www

Now we test for the new ownership with the ll command.

ll /home/www/site1/index.*

Note: Be sure to FTP or SCP new files to your web server as this new user. This will make all the transferred files automatically have the correct ownership.

If you browse your Web site after configuring Apache and get a "403 Forbidden" permissions-related error on your screen, then your files or directories under your DocumentRoot most likely have incorrect permissions.

Now open your favorite web browser and type in the URL :

http://127.0.0.1

or

http://localhost

or

http://www.mydomain.com

You should be able to see a Apache web server Test Page. If you can see the Apache test web page that means you are all set to further configure your server. Now copy your web site related files in this directory /var/www/html make them Apache readable by setting appropriate ownership and permissions and  re-start the web server. You should be able to see your website related main web page.

Log Files

/var/log/httpd/access_log

/var/log/httpd/error_log

/var/log/messages

Microsoft Exam (70-412) Configuring Advanced Windows Server 2012 R2 Services

Q-7: You have a cluster named Cluster1 that contains two nodes. Both nodes run Windows Server 2012 R2. Cluster1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You notice that VM1 is marked as being in a critical state in the cluster.
You verify that VM1 is functioning correctly.
You need to ensure that VM1 is no longer marked as being in a critical state.

Which cmdlet should you run?

A. Remove-ClusterVmMonitoredItem
B. Remove-ClusterResourceDependency
C. Reset-ClusterVMMonitoredState
D. Clear-ClusterNode

Answer: (C) Reset-ClusterVMMonitoredState

Explanation:
Remove-ClusterVmMonitoredItem actually removes the monitoring so nothing will happen

Remove-ClusterResourceDependency - self explanatory has to do with dependencies, not critical state

Reset-ClusterVMMonitoredState - This cmdlet resets the Application Critical state of a virtual machine, so that the virtual machine is no longer marked as being in a critical state in the cluster (https://technet.microsoft.com/en-us/library/hh847312(v=wps.630).aspx)

Clear-ClusterNode - This cmdlet helps ensure that the failover cluster configuration has been completely removed from a node that was evicted.

------------

Q-8: You run Get-FSRMClassificationule and you receive the following output

ClassificationMechanism : Content Classfier
ContentRegularExpression : {\d{2,}}
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/18/2015 12:59:47 AM

Name : Rule2
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property2
PropertyValue : Value2
ReevaluateProperty : Overwrite
PSComputerName :

ClassficationMechanism : FolderClassifier
ContentRegularExpression :
ContentString :
ContentStringCaseSensitive :
Description :
Disabled : False
Flags :
Lastmodified : 4/15/2015 9:17:16 PM
Name : Rule1
Namespace : {D:\}
Parameters : {FSRMClearPropertyInternal = 0}
Property : Property1
PropertyValue : Value1
ReevaluateProperty : Aggregate
PSComputerName :

You have a file named file1 that is stored on drive D and has the following content
“111000000000111111”
You run the classification with all of the rules

Use the drop-down menus top select the answer choice that completes each statement.


File1 has [answer choice]

Only Property1 set to value1
Only Property2 set to value2
Property1 set to value1 and property2 set to value2
Neither Property1 nor Property2 set

If you modify File1 [answer choice]

Only the value of Property1 is
Only the value of Property2 is
the value of Property1 and Property2 are
Neither the value of Property1 nor the value of Property2 is

Answer:
Explanation:

Answer should be “Property1 set to value1 and property2 set to value2″

Modify File1 – “The value of property1 and property2 are”

------------
Q-9: You network contains one Active Directory domain. The domain contains two Hyper-V Hosts named Host1 and Host2 that run Windows Server 2012 R2. Host1 contains a virtual machine named DC5. DC5 is a domain controller that run Windows Server 2012 R2.
You configure Active Directory to support domain controller cloning for DC5, and then you shut down DC5.
You need to create a clone of DC5 on Host2
What should you run on each Hyper-V Host.? To answer Drag the appropriate commands or cmdlets to the correct Hyper-V hosts. Each command or cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Command and cmdlets

Export-VM
Import-VM
Move-VM
New-ADDCCloneConfigFile


Answer Area

Host1: Command or cmdlet
Host2: Command or cmdlet

Answer:
Host 1: New-ADDCCloneConfigFile
Host 2: Import-VM

Explanation: http://blogs.technet.com/b/canitpro/archive/2013/06/12/step-by-step-domain-controller-cloning.aspx
- Create the cloneconfig file by running ADDCCloneConfig on the source first (Step 2)
- Export the source VM (Step 4-2)
- Import the source VM into the new host (Step 4-3)

------------

Q-10: You network contains one Active Directory domain named adatum.com. The domain contains a DNS server named Server1 that runs Windows Server 2012 R2. All domain computers use Server1 for DNS.
You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?

A. Network List Manager Policies
B. Network Access Protection (NAP)
C. Name Resolution Policy
D. Public Key Policy

Answer: (C) Name Resolution Policy
Explanation: Name resolution policy needs to be configured in group policy.
"In both example 1 and example 2, validation is not required for the secure.contoso.com zone because the Name Resolution Policy Table (NRPT) is not configured to require validation.” (https://technet.microsoft.com/en-us/library/jj200221.aspx)

------------

Q-11 Your network contains one Active Directory forest named contoso.com. the forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.

Name Domain Site
DC1 Contoso.com Main Office
DC2 Contoso.com Main Office
DC3 Contoso.com Europe Office
DC4 Contoso.com Asia Office
DC5 Sales.contoso.com Main Office
DC6 Manufacturiung.contoso.com Main Office

You need to add an additional UPN Suffix.
What should you use?

A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom

Answer: (F) Set-ADForest
Explanation: https://technet.microsoft.com/en-us/library/dd391925(v=ws.10).aspx

------------

Q-12: Your network contains one Active Directory forest named contoso.com. the forest contains two child domains and six domain controllers. The domain controllers are configured as shown in the following table.

Name Domain Site
DC1 Contoso.com Main Office
DC2 Contoso.com Main Office
DC3 Contoso.com Europe Office
DC4 Contoso.com Asia Office
DC5 Sales.contoso.com Main Office
DC6 Manufacturiung.contoso.com Main Office

You need to replicate users who haven't authenticated against any domain controllers for the last 7 days.
What should you use?

A. Set-ADSite
B. Set-ADReplicationSite
C. Set-ADDomain
D. Set-ADReplicationSiteLink
E. Set-ADGroup
F. Set-ADForest
G. Netdom

Answer: (C) Set-ADDomain
Explanation: Not really sure on this, but perhaps its the -LastLogonReplication interval? (https://technet.microsoft.com/en-us/library/ee617212.aspx)

What is Tomcat? Is it a Web Server? What can Tomcat do? How is it different than Apache Web Server? As it was a bit confusing for me, I made a small research on these and wanted to share some notes here. What we should keep in mind from this answer is: In general, the Apache HTTP server is just a plain old web server designed to serve static web pages. There are plenty of modules which can be installed to enhance Apache's abilities so that it can serve dynamic webpages using various technologies such as PHP, CGI or whatever, but the core of Apache is just a plain old HTTP server. I think rest of the answer is not very clear, the part explaining what Tomcat actually is so let's move on to some other resources.. Even the question itself starts with good information: I know that Tomcat is written in Java and the HTTP Server is in C, but other than that I do not really know how they are distinguished. Do they have different functionality? And a comment in the accepted answer gives us a lot of nice information: Tomcat does indeed bring with it a capable web server. Tomcat is a Servlet/JSP container and also offers a web server. Tomcat's web server is quite good, able to handle most small and medium web site needs. With support for Java NIO and 64-bit memory, even some larger scale web sites may be served well by Tomcat's Catalina module. For various reasons, some folks choose to ignore Coyote and instead use Tomcat's Servlet capabilities behind the Apache httpd web server product. Tomcat = ( Web Server + Servlet container + JSP environment ). The web server is ON by default when you run Tomcat’s startup.sh script, listening on port 8080 for incoming connections (HTTP calls). Tomcat is pure Java, with its own web server implementation (Coyote). The Apache HTTP Server (AHS), in contrast, has a completely separate implementation of a web server, using native C/C++ code. AHS is very flexible and powerful, but is often overkill. Tomcat's own web server works very well. Use AHS only if truly needed. This gives us the hint that Tomcat actually is a collection of a few modules. Components Tomcat 4.x was released with Catalina (a servlet container), Coyote (an HTTP connector) and Jasper (a JSP engine). Catalina Catalina is Tomcat's servlet container. Catalina implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP). In Tomcat, a Realm element represents a "database" of usernames, passwords, and roles (similar to Unix groups) assigned to those users.Different implementations of Realm allow Catalina to be integrated into environments where such authentication information is already being created and maintained, and then use that information to implement Container Managed Security as described in the Servlet Specification. Coyote Coyote is a Connector component for Tomcat that supports the HTTP 1.1 protocol as a web server. This allows Catalina, nominally a Java Servlet or JSP container, to also act as a plain web server that serves local files as HTTP documents. Coyote listens for incoming connections to the server on a specific TCP port and forwards the request to the Tomcat Engine to process the request and send back a response to the requesting client. Another Coyote Connector, Coyote JK, listens similarly but instead forwards its requests to another web server, such as Apache, using the JK protocol.This usually offers better performance. Jasper Jasper is Tomcat's JSP Engine. Jasper parses JSP files to compile them into Java code as servlets (that can be handled by Catalina). At runtime, Jasper detects changes to JSP files and recompiles them. The information I find here particularly important is: Apache Tomcat and Apache HTTP are completely different server technologies. It is impossible to use a plugin for Apache HTTP server with Tomcat. Apache HTTP server is developed in C and so are the plug-ins. On the contrary Tomcat is now completely developed in Java. Tomcat doesn't only serve static content, but it can also serve JSP pages and servlets. In this post I tried to summarize the knowledge I have found around. This will help me remember this information whenever I need it, and hopefully is useful for you as well. Courtesy: Koray Tugay

What is Tomcat? Is it a Web Server? What can Tomcat do? How is it different than Apache Web Server?

As it was a bit confusing for me, I made a small research on these and wanted to share some notes here.

What we should keep in mind from this answer is:

In general, the Apache HTTP server is just a plain old web server designed to serve static web pages. There are plenty of modules which can be installed to enhance Apache's abilities so that it can serve dynamic webpages using various technologies such as PHP, CGI or whatever, but the core of Apache is just a plain old HTTP server.

I think rest of the answer is not very clear, the part explaining what Tomcat actually is so let's move on to some other resources.. 

Even the question itself starts with good information:

 I know that Tomcat is written in Java and the HTTP Server is in C, but other than that I do not really know how they are distinguished. Do they have different functionality?

And a comment in the accepted answer gives us a lot of nice information:

Tomcat does indeed bring with it a capable web server. Tomcat is a Servlet/JSP container and also offers a web server. Tomcat's web server is quite good, able to handle most small and medium web site needs. With support for Java NIO and 64-bit memory, even some larger scale web sites may be served well by Tomcat's Catalina module. For various reasons, some folks choose to ignore Coyote and instead use Tomcat's Servlet capabilities behind the Apache httpd web server product.

Tomcat = ( Web Server + Servlet container + JSP environment ). The web server is ON by default when you run Tomcat’s startup.sh script, listening on port 8080 for incoming connections (HTTP calls). Tomcat is pure Java, with its own web server implementation (Coyote). The Apache HTTP Server (AHS), in contrast, has a completely separate implementation of a web server, using native C/C++ code. AHS is very flexible and powerful, but is often overkill. Tomcat's own web server works very well. Use AHS only if truly needed. This gives us the hint that Tomcat actually is a collection of a few modules.

Components

Tomcat 4.x was released with Catalina (a servlet container), Coyote (an HTTP connector) and Jasper (a JSP engine).

Catalina

Catalina is Tomcat's servlet container. Catalina implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP). In Tomcat, a Realm element represents a "database" of usernames, passwords, and roles (similar to Unix groups) assigned to those users.Different implementations of Realm allow Catalina to be integrated into environments where such authentication information is already being created and maintained, and then use that information to implement Container Managed Security as described in the Servlet Specification.

Coyote

Coyote is a Connector component for Tomcat that supports the HTTP 1.1 protocol as a web server. This allows Catalina, nominally a Java Servlet or JSP container, to also act as a plain web server that serves local files as HTTP documents.

Coyote listens for incoming connections to the server on a specific TCP port and forwards the request to the Tomcat Engine to process the request and send back a response to the requesting client. Another Coyote Connector, Coyote JK, listens similarly but instead forwards its requests to another web server, such as Apache, using the JK protocol.This usually offers better performance.

Jasper

Jasper is Tomcat's JSP Engine. Jasper parses JSP files to compile them into Java code as servlets (that can be handled by Catalina). At runtime, Jasper detects changes to JSP files and recompiles them.

The information I find here particularly important is:  

Apache Tomcat and Apache HTTP are completely different server technologies. It is impossible to use a plugin for Apache HTTP server with Tomcat.
Apache HTTP server is developed in C and so are the plug-ins. On the contrary Tomcat is now completely developed in Java. Tomcat doesn't only serve static content, but it can also serve JSP pages and servlets.

In this post I tried to summarize the knowledge I have found around. This will help me remember this information whenever I need it, and hopefully is useful for you as well.

Courtesy: Koray Tugay