Downloading from YouTube using Powershell

EDIT: As of 12/05/2016 this no longer works. Please use youtube-dl.exe as an alternative.

Sometimes when I’m travelling I don’t have internet access and I want to take videos with me. Here is a script to download videos from Youtube using Powershell.

Run the script with .\youtube.ps1 -video https://www.youtube.com/watch?v=videolink. It will ask which quality you want to download in first and then download it to the current directory.

Comment and share

Member count of distribution lists

I am looking at enabling certain features of mailing lists depending on how many users there are. The following script generates this report with group recursion.

By default it outputs to grouplisting.csv in the same folder you run the script from.

Comment and share

Disabling calendar and tasks archiving in Exchange 2013

In our Exchange 2013 environment we have a few users who have tasks that can occur once every 5-10 years. Unfortunately this doesn’t sit well with our retention policies and they get moved down to the archive mailbox. To disable them from getting archived, create a DWORD Value in HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeMailboxAssistants\Parameters called ELCAssistantCalendarTaskRetentionEnabled and make sure it is set to 0.

Restart the MSExchangeMailboxAssistants service after making this change.

Comment and share

Synology update URLs

If you have a restrictive firewall, Synology devices need two URLs allowed outbound to update:

  • download.synology.com
  • update.synology.com

I couldn’t really find this information anywhere else, so here you go.

Comment and share

Setting WMI permissions for PRTG

Setting permissions for PRTG to monitor WMI on systems is a bit of a chore. The script below sets the appropriate permissions for a lot of the WMI sensors in PRTG.

Run by using script.ps1 -Username "domain\user"

Please note that this needs ntrights.exe, which is included in the Windows Server 2003 Resource Kit

I may look in to making this a group policy script in the future but for starters this will do. It saves around 3-5 minutes of time per server, depending how fast you can click.

Comment and share

Manipulating SDDL's through PowerShell

I manage security for service accounts through access with least privilege. Monitoring with PRTG however means that most of the WMI sensors need local Administrator access, which I’m not too happy about. One such situation is if you need to access the state of running services. To get around this, use the script below.

One example:

sddlset.ps1 -Username "domain\monitoring" -Service w3svc -Rights Read -Computer webserver

This will then resolve the SID for the user, add it to the SDDL with necessary permissions and then spit out the result. To allow any access at all you will first need to give the user permissions on scmanager, so run sddlset.ps1 -Username "domain\monitoring" -Service scmanager -Rights Read -Computer webserver.

Edit 12/02/2015: Added help function to script, added ability to perform remotely.

Comment and share

TokenMungingException in Exchange OWA

I’ve been busily rolling out Exchange 2013 SP1 at work and I’ve finally gotten to the stage where I can start migrating mailboxes over. Lo and behold, the fourth mailbox moved over had a strange issue whilst trying to access OWA:

1
2
3
4
5
6
7
8
9
something went wrong
Sorry, we can't get that information right now. Please try again later. If the problem persists, contact your helpdesk.
X-OWA-Error: Microsoft.Exchange.Security.Authentication.TokenMungingException
X-OWA-Version: 15.0.847.32
X-FEServer: MAIL2013-1
X-BEServer: Mail2013-2
Date: 28/04/2014 11:35:42 AM

It turns out that some users had a “LinkedMasterAccount” attribute set to “NT AUTHORITY\SELF” that didn’t need to be. The script to check all users with this attribute set:

1
Get-User -ResultSize unlimited | where {$_.linkedmasteraccount -eq "NT AUTHORITY\SELF" -and $_.recipienttypedetails -ne "RoomMailbox" -and $_.recipienttypedetails -ne "Equipmentmailbox" -and $_.recipienttypedetails -ne "DiscoveryMailbox"} | select name | ft

This will spit out all accounts that aren’t room, equipment or discovery mailboxes with the LinkedMasterAccount set to “NT AUTHORITY\SELF”. From there, you can change it to $null with:

1
Set-User -Identity <user> -LinkedMasterAccount $null

After setting this the user was able to log in.

Comment and share

elasticsearch-trim

I got sick of having to trim my Logstash indices in Elasticsearch manually, so I created a PowerShell script and set it as a scheduled task. By default it keeps the last 60 days.

1
2
3
4
5
6
7
8
9
10
11
12
13
#Replace with the URL of your Elasticsearch instance
$url = "http://elasticsearch:9200/"
#Replace with how many days you want to keep, minus one (below means 60)
$i = 59
$request = (Invoke-WebRequest -Uri $url/_aliases).content | ConvertFrom-Json
$indices = $request | Get-Member | where {$_.name -like "logstash*"} | select name | sort name -Descending
$count = $indices.count
do {
    $var = $indices[$i].name
    Invoke-WebRequest -Uri $url/$var/ -Method Delete
    $i++
}
until ($i -eq $count)

Works well, but it doesn’t send a report or anything that it has been done.

Comment and share

Jacob Ludriks

author.bio


author.job