Blog

Powershell : Query for user’s last logon date

I needed to work out some AD accounts’ last logon dates to make a further assessment, in powershell I found this was fairly simple:

To get a list of all user attributes available for query:

$> get-aduser -identity <USERNAME_HERE> -Properties *

To query for last logon date:

$> get-aduser -identity <USERNAME_HERE> -Properties LastLogonDate

 

Ubuntu, Kernel 4.14+, VMWare Workstation 14

I was unable to compile the ubuntu kernel patches for VMWare Workstation 14.0 for a couple of reasons on Ubuntu 16.04 with an updated kernel v4.14:

 

1. Launching VMWare Workstation resulted in a GUI window complaining no GCC-7.2 was available, solved by the following commands (thanks to https://askubuntu.com/questions/859256/how-to-install-gcc-7-or-clang-4-0) :

sudo add-apt-repository ppa:jonathonf/gcc-7.1
sudo apt-get update
sudo apt-get install gcc-7 g++-7
 

2. The next failure was with further kernel compiling modules with the vmmonitor service failing. This needed a patch on the install scripts to support the latest kernel, resolved by the following commands (thanks to https://github.com/mkubecek/vmware-host-modules/commit/770c7ffe611520ac96490d235399554c64e87d9f for the patch and https://superuser.com/questions/1255099/vmware-workstation-not-enough-physical-memory-since-last-update/1255963 for guidance on applying it):


~$ sudo cd /tmp
~$  cp /usr/lib/vmware/modules/source/vmmon.tar .
~$  tar xf vmmon.tar
~$  rm vmmon.tar
~$  wget https://raw.gi 
thubusercontent.com/mkubecek/vmware-host-modules/fadedd9c8a4dd23f74da2b448572df95666dfe12/vmmon-only/linux/hostif.c
~$  mv -f hostif.c vmmon-only/linux/hostif.c
~$  tar cf vmmon.tar vmmon-only
~$  rm -fr vmmon-only
~$  mv -f vmmon.tar /usr/lib/vmware/modules/source/vmmon.tar
~$  vmware-modconfig --console --install-all

Ubuntu, LVM, Partitions

Ubuntu disk partition extension under LVM:

1/ extend the LVM volume (cheated with gparted but parted would work fine, this is the container partition for the “Volume Group”.

 

2/ Next launch LVM and use “lvdisplay” to print the current output, mine was a container group with a single logical volume named “root”

 

3/ Now I know the location and name of the LV I can issue the following command to expand it into the available free space created in step 1:

lvextend -l +100%FREE /dev/Container1/root

 

4/ Finally exit lvm and expand the file system to fill the LV:

sudo resize2fs /dev/Container1/root

Ubuntu

Issuing “apt-get update” or “apt-get upgrade” commands resulted in the following error:

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

I couldn’t locate any running processes which would be locking these files so went ahead and removed the lock files via:

sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock

And then repeated the commands successfully.

 

Ubuntu & Virtualbox

Ubuntu 16.04 (kernel 4.14), Virtualbox

I was trying to install Oracle VirtualBox either from their repo or from the Ubuntu repo but both failed to compile the Kernel Module.

I tried various guides before actually reading the error log whereupon I found the “libelf-dev” package was required (at least for installing virtualbox-5.2 from Oracle directly!).

Microsoft Office 2016 Licensed via KMS but with Activation Splash Screen on launch

Resolved by following https://support.office.com/en-us/article/Office-repeatedly-prompts-you-to-activate-on-a-new-PC-a9a6b05f-f6ce-4d1f-8d49-eb5007b64ba1

 

 

  • Close the activation window and all Office apps.

  • Right-click the Start button Windows Start button in Windows 8 and Windows 10 on the lower-left corner of your screen, and select Run.
  • Type regedit, and then press Enter. Select Yes when prompted to open the Registry Editor.
  • On the left side of the Registry Editor, under Computer, navigate to the following key in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\OEM

  • Right click the OEM value and click File>Export.
  • Save the key.
  • After the key is backed up, select Edit>Delete.
  • Repeat steps 3-6 for the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\OEM

  • Close the Registry Editor and start Office again.

 

Plotting Multiple Postcodes on Google Maps

Description of the task

I received an Excel spreadsheet with a list of personal data including names, telephone numbers, membership numbers and addresses. I wanted to plot the addresses on a map in a way that left only the postcode identifiable for reasons of data protection as a postcode alone will not be traceable to more than a street it conforms with the requirements of being personally identifiable. Therefore the task required two stages to complete:

  1. Anonymise personally identifiable data (offline on a secure computer)
  2. Plot anonymised data on Google Maps

References

My thanks to “Lisa in the Health Library” for her blog post which pointed me to Google Fusion Tables

Anonymise personally identifiable data

To anonymise the data I created an additional column in the identifiable spreadsheet named “ID” and populated it with a contigious record count from 1 through to the last row and then saved the edited identifiable spreadsheet.
I then created a second blank Excel spreadsheet (which I’ll refere to now as the anonymised spreadsheet) and copied both the postcode column and the newly created “ID” column from the identifiable spreadsheet into the anonymised spreadsheet and saved it under a new name.
I now have a working anonymised spreadsheet which only I can identify the owners of the postcodes by referring back to the “ID” field in the identifiable spreadsheet if needed.

Plot anonymised data on Google Maps

Using *only* the anonymised spreadsheet I then followed the guidance from “Lisa in the Health Library”‘s blogpost here: https://lisainthehealthlibrary.wordpress.com/2014/05/05/creating-google-maps-from-postcode-data/ and completed the mapping.

Powershell : Query Computer for Installed Software

Onwards with the powershell quest, this code queries the remote computer named “PC1” for installed software and writes the results to a local file “C:\PC1_InstalledPrograms.csv”. The ouput is filtered for the “Displayname”,”Publisher”,”Version” and sorted by DisplayName.

Note: it does require SCCM’s Software Centre installed I think!

PS C:\Windows\system32> get-wmiobject -class win32reg_addremoveprograms -computername PC1 | select-object Displayname,Publisher,Version | export-csv -path "c:\PC1.csv"

Windows 7 Boot Sector Repair

The Scenario

I was working on a dual booted MBR style disk which had Windows 7 and Ubuntu installed. I was asked to remove the Ubuntu partition(s) and extend the Windows partition. The user had a backup of all data from the Ubuntu partition, not the Windows. The GRUB boot loader was in operation.

The Solution

I began by backing up the disk.

I then booted into Windows and inspected the disk partitions via Disk Manager and (thankfully) found that Windows had been installed first, shrunk and then Ubuntu installed. This was apparent by seeing the order of partitions on the disk from left to right. I then deleted the 2 Ubuntu related partitions at the end of the disk (both were present after the Windows OS partition) and extended the Windows partition into the recovered space.

Then I rebooted into a Windows Recovery environment via a USB install I’d been supplied with and let Windows attempt a start-up repair, that failed and no valid Windows partitions were displayed, which might be normal if GRUB is controlling the bootloader but I’d have expected Windows PreInstalled Environment to detect the local partition.

I then opened a command prompt and ran the following commands:

bootrec /fixboot

-This ran successfully

bootrec /fixmbr

-This failed to complete, unable to find device or somesuch

bootrec /rebuildbcd

-This failed, it was unable to write to device

I spent a good hour attempting to manually rebuild the bootloader via bcdedit commands which eventually failed until I came across a thread suggesting the issue is booting from Windows 7 USB media.

I then dug out an old Windows 7 DVD and booted from that and voila, the above commands worked successfully. I did have to trash c:\boot\BCD via the commands:

attrib c:\boot\bcd -s -h
move c:\boot\bcd bcd.old

and then set the OS partition (no 100MB System partition on this disk) to active before running them successfully. I also then launched the Windows Startup Repair from within the DVD repair tools to correct any faults with active partitions etc. Following that the system booted.

Hope this helps someone, what should have take 15 mins ended up taking me 2 hours!