PS – Read remote MySQL Data from PowerShell

#Load the .net MySql DLL
[system.reflection.Assembly]::LoadFrom("C:\MySql.Data.dll")
Clear

#Create the connection object
$myconnection = New-Object MySql.Data.MySqlClient.MySqlConnection

#Create the ConnectionString
$myconnection.ConnectionString = "database=my_database;server=my.sql.server.com;Persist Security Info=false;user id=my_database_user;pwd=my_database_pwd"

$myconnection.Open()

$command = $myconnection.CreateCommand()
#Single-quoted so PowerShell does not treat the MySQL backticks as escape characters
$command.CommandText = 'SELECT * FROM `Tablet` WHERE `ID` = ''1''';

$dataSet = New-Object System.Data.DataSet

$reader = $command.ExecuteReader()

while ($reader.Read()) {
  for ($i= 0; $i -lt $reader.FieldCount; $i++) {
    write-host $reader.GetValue($i).ToString()
  }
}

$myconnection.Close()

Prevent Ransomware with GPO and Software Restriction Policies

Software Restriction Policies

Software Restriction Policies (SRPs) allow you to control or prevent the execution of certain programs through the use of Group Policy. You can use SRPs to block executable files from running in the specific user-space areas that Cryptolocker uses to launch itself in the first place. The best place to do this is through Group Policy, although if you’re a savvy home user or a smaller business without a domain, you can launch the Local Security Policy tool and do the same thing.

One tip: if you’re using Group Policy, create a new GPO for each restriction policy. This makes it easier to disable a policy that might be overly restrictive.

Here’s how to do it:

1. Open up Local Security Policy or the Group Policy Object editor and create a new GPO. I’ll show you how to create two here: one for Windows XP machines (which use slightly different paths for the user space) and one for Windows Vista and later machines.
2. Name the new GPO “SRP for XP to prevent Cryptolocker” or something similar for you to remember easily.
3. Choose Computer Configuration and then navigate through Policies > Windows Settings > Security Settings > Software Restriction Policies.
4. Right-click Software Restriction Policies and choose New Software Restriction Policy from the context menu.
5. Now, create the actual rules that will catch the software on which you want to enforce a restriction. Right-click Additional Rules in the left-hand pane. Choose New Path Rule.
6. Under Path, enter %AppData%\*.exe.
7. Under Security level, choose Disallowed.
8. Enter a friendly description, like “Prevent programs from running in AppData.”
9. Choose New Path Rule again, and make a new rule like the one just completed. Use the following table to fill out the remainder of this GPO.

| Path | Security Level | Suggested Description |
| --- | --- | --- |
| %AppData%\*.exe | Disallowed | Prevent Cryptolocker executable from running in AppData* |
| %AppData%\*\*.exe | Disallowed | Prevent virus payloads from executing in subfolders of AppData |
| %UserProfile%\Local Settings\Temp\Rar*\*.exe | Disallowed | Prevent un-WinRARed executables in email attachments from running in the user space |
| %UserProfile%\Local Settings\Temp\7z*\*.exe | Disallowed | Prevent un-7Ziped executables in email attachments from running in the user space |
| %UserProfile%\Local Settings\Temp\wz*\*.exe | Disallowed | Prevent un-WinZIPed executables in email attachments from running in the user space |
| %UserProfile%\Local Settings\Temp\*.zip\*.exe | Disallowed | Prevent unarchived executables in email attachments from running in the user space |

WinRAR and 7Zip are the names of compression programs commonly used in the Windows environment.

Close the policy.

To protect Windows Vista and newer machines, create another GPO and call this one “SRP for Windows Vista and up to prevent Cryptolocker.” Repeat the steps above to create the SRP and create path rules based on the following table.

| Path | Security Level | Suggested Description |
| --- | --- | --- |
| %AppData%\*.exe | Disallowed | Prevent Cryptolocker executable from running in AppData* |
| %AppData%\*\*.exe | Disallowed | Prevent virus payloads from executing in subfolders of AppData |
| %LocalAppData%\Temp\Rar*\*.exe | Disallowed | Prevent un-WinRARed executables in email attachments from running in the user space |
| %LocalAppData%\Temp\7z*\*.exe | Disallowed | Prevent un-7Ziped executables in email attachments from running in the user space |
| %LocalAppData%\Temp\wz*\*.exe | Disallowed | Prevent un-WinZIPed executables in email attachments from running in the user space |
| %LocalAppData%\Temp\*.zip\*.exe | Disallowed | Prevent unarchived executables in email attachments from running in the user space |

Close the policy.

Once these GPOs get synchronized down to your machines — this can take up to three reboots to happen, so allow some time — when users attempt to open executables from email attachments, they’ll get an error saying their administrator has blocked the program. This will stop the Cryptolocker attachment in its tracks.

Unfortunately, taking this “block it all in those spots” approach means that other programs your users may install from the web, like GoTo Meeting reminders and other small utilities that do have legitimate purposes, will also be blocked. There is a solution, however: You can create ad-hoc allow rules in the software restriction policy GPOs. Windows allows these “whitelisted” apps before it denies anything else, so by defining these exceptions in the SRP GPO, you will instruct Windows to let those apps run while blocking everything else. Simply set the security level to Unrestricted, instead of Disallowed as we did above.
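
Deciding which Unrestricted exceptions you need is easier if you know what the Disallowed rules will hit before the GPO is linked. The PowerShell below is an added example, not part of the original article: it lists executables already present under the Vista-and-later rule paths for the user running it, with their Authenticode status. The function name Get-SrpRuleMatch is made up for this example, and PowerShell wildcard matching only approximates how SRP evaluates path rules.

```powershell
# Added example: pre-deployment audit for the Vista-and-later path rules.
# Patterns are copied from the table above; environment variables expand
# for the user who runs the script, so run it in that user's session.
$rulePatterns = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\Temp\Rar*\*.exe',
    '%LocalAppData%\Temp\7z*\*.exe',
    '%LocalAppData%\Temp\wz*\*.exe',
    '%LocalAppData%\Temp\*.zip\*.exe'
)

# Get-SrpRuleMatch is a hypothetical helper name used only in this example.
function Get-SrpRuleMatch {
    param([string[]]$Pattern)

    foreach ($p in $Pattern) {
        $expanded = [Environment]::ExpandEnvironmentVariables($p)

        # Get-Item resolves wildcards in every path segment and returns the
        # matched items themselves; -Force includes hidden files.
        # Assumption: this approximates the SRP path-rule match.
        Get-Item -Path $expanded -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Rule      = $p
                    File      = $_.FullName
                    Signature = $sig.Status
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    Modified  = $_.LastWriteTime
                }
            }
    }
}

# Each row is a program the policy would block; review them when deciding
# which paths get an Unrestricted rule.
Get-SrpRuleMatch -Pattern $rulePatterns |
    Sort-Object Rule, File |
    Format-Table -AutoSize -Wrap
```

For the Windows XP GPO, swap in the %UserProfile%\Local Settings\Temp patterns from the first table.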

PS – Windows Server Feature check using XML

$ServerFeatures = Import-Clixml $PWD\PreRequsits\ServerFeatures.xml
foreach ($feature in $ServerFeatures) {
    #.NET Framework 3.5 features need the side-by-side source from the install media
    if ($feature.displayname.Contains("3.5")) {
        Install-WindowsFeature -Name $feature.name -Source E:\sources\sxs\
    } else {
        Install-WindowsFeature -Name $feature.name
    }
}

Python – Using haar cascades on image batches

Taking the process from the previous post one step further, it is now possible to match multiple objects using Haar cascades on batches of images with the following Python code. You can download the source and XML files here: Object Detection in multiple images

#Import required Modules
import cv2
import os

#Set Variables
input_path = "./input"
output_path = "./output"
file_extension = ".jpg"

#Import the cascade
cascade = cv2.CascadeClassifier('haarcascade_frontalface_default.xml')

#Walk through files in given directory
for subdir, dirs, files in os.walk(input_path):
    for file in files:
        #print(os.path.join(subdir, file))
        filepath = os.path.join(subdir, file)

        if filepath.endswith(file_extension):
            image = cv2.imread(filepath)
            #Skip files OpenCV cannot decode
            if image is None:
                continue
            image_gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)
            image_gray = cv2.equalizeHist(image_gray)

            #Detect objects using cascade
            objects = cascade.detectMultiScale(image_gray, 1.1, 5)
            for (x,y,w,h) in objects:
                cv2.rectangle(image,(x,y),(x+w,y+h),(0,255,0),2)
                roi_gray = image_gray[y:y+h, x:x+w]
                roi_color = image[y:y+h, x:x+w]

            #Show Detected Image
            #cv2.imshow('Detected Objects',image)
            #cv2.waitKey(0)

            #Save the Detection Image (the output directory must already exist)
            filesavepath = os.path.join(output_path, file)
            cv2.imwrite(filesavepath, image)

#Close any open windows
cv2.destroyAllWindows()

 

Python – Face detection using haarcascades

My first attempt at face recognition using Haar cascades, OpenCV and Python.

import cv2

cascade1 = cv2.CascadeClassifier('haarcascade_frontalface_default.xml')
cascade2 = cv2.CascadeClassifier('haarcascade_eye.xml')

img = cv2.imread('input.jpg')
img_gray = cv2.cvtColor(img, cv2.COLOR_BGR2GRAY)
img_gray = cv2.equalizeHist(img_gray)

#Show Converted Image for Debugging
#cv2.imshow('Converted Image',img_gray)
#cv2.waitKey(0)

#Detect objects using cascade1
objects = cascade1.detectMultiScale(img_gray, 1.3, 5)
for (x,y,w,h) in objects:
    cv2.rectangle(img,(x,y),(x+w,y+h),(255,0,0),2)
    roi_gray = img_gray[y:y+h, x:x+w]
    roi_color = img[y:y+h, x:x+w]

#Detect objects using cascade2
objects = cascade2.detectMultiScale(img_gray, 1.3, 5)
for (x,y,w,h) in objects:
    cv2.rectangle(img,(x,y),(x+w,y+h),(255,0,0),2)
    roi_gray = img_gray[y:y+h, x:x+w]
    roi_color = img[y:y+h, x:x+w]

cv2.imshow('Detected Objects',img)
cv2.waitKey(0)
cv2.destroyAllWindows()

PS – Powershell slow to load to prompt

Use this script to re-compile the .NET Framework assemblies.

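#Run from an elevated prompt; ngen install needs administrator rights
#Point PATH at the .NET runtime directory so ngen.exe resolves from there
$Env:PATH = [Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()
[AppDomain]::CurrentDomain.GetAssemblies() | % {
    $pt = $_.Location
    #Skip assemblies with no file on disk; return (not continue) moves to the next pipeline item
    if (! $pt) {return}
    #Print a blank line between assemblies
    if ($cn++) {''}
    $na = Split-Path -Leaf $pt
    Write-Host -ForegroundColor Yellow "NGENing $na"
    ngen install $pt
}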

Blacklist Wireless Networks via Group Policy

So… you may have a guest wireless and a secure internal wireless in your building(s) and you may wish to stop your users from connecting to the open/guest wireless to bypass security/filtering or to prevent issues arising from using the wrong network.

The steps below will show you how you can blacklist wireless SSIDs.


RPC/HTTP Valid Ports reverting back to default

The PeriodicPollingMinutes key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\RpcHttpConfigurator\ needs setting to zero to prevent RpcHttpConfigurator from updating the Valid Ports key automatically.

RPC over HTTP Failing due to MAPI Address Book connection on port 6004

Great article that goes into depth on why this issue exists and how to fix it. Basically, make sure port 6004 is available on your DCs.

http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx