Author Archives: AnonIT

Add Raspberrian (Jessie) to a wireless network

Login to the device using SSH
Type the following command:

sudo nano /etc/network/interfaces
 
Add the following lines at the bottom:

auto wlan0
iface wlan0 inet dhcp
wpa-ssid “SSIDNAME”
wpa-psk “PSKPASSPHRASE”
 
Where SSIDNAME is the SSID network name, and PSKPASSPHRASE is the passphrase for the wireless network.
EG: If my network was called:
Front Office Wireless
and my network passphrase is:
QLDWireless3827
The interfaces file will look like:

auto lo
iface lo inet loopback

iface eth0 inet manual
allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

auto wlan0
iface wlan0 inet dhcp
wpa-ssid “Front Office Wireless”
wpa-psk “QLDWireless3827”

Press CTRL-X to exit, press Y to save changes, and press ENTER to save the file called interfaces
type:

sudo /etc/init.d/networking restart
 
to restart the networking services.

You should then be able to see the IP Address that is assigned to WLAN0.
type ifconfig to see the network settings in full.

image

Headless install of Raspbian (Jessie)

I needed to perform an install of Raspbian (Jessie) on a Raspberry PI, but I didn’t have a spare keyboard, mouse, or monitor / tv to connect it to. 
Download Raspbian from (current Jessie):
https://www.raspberrypi.org/downloads/
At the time of writing it was 4.1 (I used the lite version)
Download and install the SDCard Formatter from SDCard.org:
https://www.sdcard.org/downloads/formatter_4/eula_windows/
Download and install Win32 Disk Imager from sourceforge:
https://sourceforge.net/projects/win32diskimager/
 
Connect the SDCard, and run the SDFormatter application as an administrator.
This procedure will delete anything on the SDCard
clip_image002
Ensure the drive letter specified in the SDFormatter is the same as the drive letter of the SDCard connected (Open ‘Computer’ and check if need be)
clip_image004
Click the Option button and set FORMAT SIZE ADJUSTMENT to ON
Click OK.
clip_image006
click Format and Click OK
clip_image008
Click OK
clip_image010
Wait!
clip_image012
Once the format is finished, click OK and then click Exit.
clip_image014
  Run Win32 Disk Imager as Administrator
image
Select the correct Device, browse and select the Raspbian Jessie image downloaded, and click Write
image
Double check the drive letter, and click Yes to proceed
image
This will copy the Raspbian Jessie image to the SDCard, and may take some time.
Once the write is Successful, click OK, and Exit the Win32 Disk Imager

image

edit 22/03/17
Open the USB drive in file explorer and create a new blank file called ssh in the root.  (Make sure you don’t have an extension on the file).  See note #3  https://www.raspberrypi.org/documentation/remote-access/ssh/

Connect the SDCard back into the Raspberry Pi, connect an eternet cable, and boot the device.
After some time, check your DHCP server or logs to identify the IP address of the device, alternatively query dns for raspberrypi.
Using putty, connect to the device using SSH.
image
Click Yes to the key warning
image
Login credentials are:
username: pi
password: raspberry
image
Run the initial Raspberry Pi Configuration by using the command:
sudo raspi-config
image
Modify the configuration as required.  Once completed, select Finish
If prompted to reboot, select No
image
Update the package source by running the commands
sudo sed -i ‘s/wheezy/jessie/g’ /etc/apt/sources.list
sudo sed -i ‘s/wheezy/jessie/g’ /etc/apt/sources.list.d/*
Update the package list using the command
sudo aptget update
Update the distribution
sudo apt-get dist-upgrade
Select ‘Y’ to continue if prompted.
This may take some time.
Once completed, uninstall group-bin and configuration files
sudo aptget purge cgroupbin
It may / may not have anything to uninstall.  This can prevent the unit from booting.
Change the name of the device
sudo nano /etc/hostname
CTRL-X, Y and <Enter> to save the name
sudo nano /etc/hosts
Change the line
127.0.1.1     raspberrypi
to
127.0.1.1     <new name of the device>
CTRL-X, Y and <Enter> to save the name
 
Reboot the unit with
sudo reboot
 
Reference:
http://tech.tiefpunkt.com/2015/06/headless-raspberrypi-installation-with-raspbian-jessie/
https://www.raspberrypi.org/documentation/installation/installing-images/README.md
http://askubuntu.com/questions/231562/what-is-the-difference-between-apt-get-purge-and-apt-get-remove
http://packages.ubuntu.com/trusty/admin/cgroup-bin
http://www.raspians.com/Knowledgebase/how-to-change-hostname-on-raspberrypi/
https://www.raspberrypi.org/documentation/remote-access/ssh/

Download a list of files from websites using Powershell

I saw a great article about a 1950s Science Fiction magazine, now available for download (http://arstechnica.com/the-multiverse/2016/02/you-can-now-read-the-entirety-of-sci-fi-magazine-if-for-free/).

In the comments, someone had collated a list of URLs to provide to a download manager.  Since I didn’t have one, and I knew that Powershell had a way to download a file from a URL, I decided to create my own.

The script available here: http://pastebin.com/7NDkzEJN will allow you to provide a text file containing a list of URL’s and download the file.

Group Policy Software Deployment OpenVPN

You will require:

OpenVPN Code signing certificate: http://anonit.blogspot.com.au/2016/03/extract-openvpn-driver-code-signing.html
OpenVPN MSI – instructions here:

Create the deployent share, and set permissions as appropriate: http://anonit.blogspot.com.au/2016/03/group-policy-software-deployment.html

Place the OpenVPN MSI into the deployment share.

Open GPMC.MSC


Expand the domain, and expand Group Policy Objects.  Right click and select New


Give the software deployment a name, and click OK


Right click the GPO and select Edit…


Expand Computer Configuration –> Policies –> Software Settings  Right click on
Software Installation and select New –> Package…


Navigate to the deployment share via UNC, select the MSI, and click Open.


Select Assigned and click OK.


The application is now assigned for install.


Navigate to Computer Configuration –> Windows Settings –> Security Settings –> 
Public Key Policies.  Right click Trusted Publisher and select Import…



Click Next



Click Browse


Navigate to the OpenVPN certificate and click Open


Click Next



Click Next


Click Finish


Click OK



The certificate is now ready to be pushed out via Group Policy.


Drag the Group Policy Object (EG: Install Open VPN Client) and release on the OU you wish to
deploy the software to.  (EG: Corp Computers).


The software will now be deployed to computer objects in that OU.

Group policy Software deployment permisisons

When deploying software deployment via group policy permissons must be set so that the computer account has read permission to the install files.

To check this, open Computer Management and open Shared Folders.

Right click the deployment share and select Properties



Domain computers at a minimum should have read.  In this example, I have Everyone as read.



Open Windows Explorer and navigate to the deployment folder.  Right click the deployment folder
and select Properties


On the Security tab, you can see i have added Domain Computers as Read & execute, list
folder contents, and Read.


This will allow the computer accounts to access the softwaredeployment share.

Extract OpenVPN driver code signing certificate

To extract the OpenVPN driver code signing certificate, download OpenVPN from here: https://openvpn.net/index.php/download/community-downloads.html (this article was created using version 2.3.10)

On a test machine, install as administrator.


Click Next


Click I Agree


Ensure that only TAP Virtual Ethernet Adapter is selected and click Next


Click Install


On the windows security dialog, tick Always trust software from “OpenVPN Technologies, Inc.”.
and click Install.


Once installed, click Next


Click Finish


Open the MMC



Click File and select Add/Remove Snap-in…


Select Certificates and click Add.


Select Computer Account and click Next



Select Local comptuer: (the computer this console is running on) and click Finish


Click OK


Expand Certificates (Local Computer) –> Trusted Publishers –> Certificates.

Right click the OpenVPN Technologies certificate and select All Tasks –> Export…


Click Next



Select Base64 encoded x.509 (.CER) and click Next



Click Browse, navigate to the location you wish to save the certificate and click Next


Click Finish


Click OK


The certificate is now in the location specified.

OpenVPN – Creating an MSI installer

To create an MSI installer for open VPN will require:

WIX: http://wixtoolset.org/releases/ (This was created using 3.10.2)

Open VPN installer: https://openvpn.net/index.php/download/community-downloads.html (This was created using 2.3.10)

2 x GUID: http://www.guidgen.com/

Createmsi.bat: http://pastebin.com/gbT4b2wC

Openvpn-install-2.3.10-i602-x86_64.wxs: http://pastebin.com/yTYWaT13

Download WIX from the link above.

Install by running as administrator.

Install.


Create a folder in the root of C drive called OpenVPN.


Modify Openvpn-install-2.3.10-i602-x86_64.wxs.  Change the following:

<?define ProductVersion = “2.3.10“?>

<?define ExeSourceFile = “openvpn-install-2.3.10-I602-x86_64.exe“?> 

<?define ProductCode = “9dc4937b-e23c-42a3-a344-86b78f61f8d1“?>

<?define ProductUpgradeCode = “407cfa7d-b3fc-48a9-abfc-2088070685a7“?>

ProductVersion is the version of Open VPN to install.

ExeSourceFile is the name of the Open VPN executable file.

ProductCode is one of the GUID you generated.

ProductUpgradeCode is the 2nd GUID generated.

The wxs file name will need to be changed to reflect the exe installer name.


The GUID are used to identify the products.  The ProductCode is the ID of the version we are
installing now.  The product upgrade code will allow upgrading of previous versions to the current version.  In the example ablove, I will install a product code of 9dc4937b-xxx.  This will update
product code of 407cfa7d-xxx.  When i create the next version, I will generate a new GUID and use that for the product code, but place the 9dc4937b-xxx into the product update code.

Place CreateMSI.bat andOpenvpn-install-2.3.10-i602-x86_64.wxs into the c:openvpn folder.


Open an administrator command prompt.


Navigate to c:openvpn and run CreateMSI.bat.


This will create the MSI in the c:openvpn folder.

WSUS Cleanup Server 2012

I’ve inherited a customer with a badly running WSUS server.  It is running on Server 2012 with SQL 2012.  Maintenance had never been run, and attempts to do so failed with the cleanup wizard timing out.

I’ve created a powershell script, available here: http://pastebin.com/u2yuexXf that I have been able to use to clean it up.  It also requires the WSUSDBMaintenace.sql file from here, and SQL Management Studio if not already installed, available here.

The script performs the following:
Run the cleanup wizard;
Reindex the database;
Decline Itanium updates;
Shrink the database;
Optionally send an email.