Posts

Showing posts from September, 2014

Windows Username to SID mapping

I needed to map the sids of some users to their usernames the other day so I though that I should be able to use WMI to do it.

Indeed, you can use the command wmic useraccount get name,sid that will output a list of usernames and their sids.

If you try to run this on Powershell you'll get an error message about invalid GET expression, that is because of the comma. You can use the Start-Process cmdlet and start the command with the necessary arguments.

Citrix Access Gateway 4.5 Certificate Renew

I had a request recently to update the certificates on two Citrix Access Gateways v4.5.

I had the certificates for the URLs in .pfx format and the Root CA certificates also cause these had also expired.

The Citrix Access Gateway Administration Tool was installed at one of the Web Interface servers so the only thing I had to do was to convert the certificates and install them.
I installed the OpenSSL libraries to a Windows 7 vm, copied the certificates over and converted them with the command: openssl pkcs12 -in c:\certs\yourcert.pfx -out c:\certs\cag.pem –nodes
I also converted the Root CA certificates to Base64 format.

I logged into the devices using the Administration tool, switched to the "Administration" tab and updated the Root CA certificate and then the certificate for the URL.

These certificates had a different private key from the previous ones so I selected the option to upload the private key too.

After that, I restarted the devices  and everything went fine.

Powershell Error Handling

Writing powershell scripts often; If yes, I believe that you have to be checking for errors for every command.

A quick way that I use if to check the variable $error. I get the value $error.Count before a command and then compare that value to the value after the command. If it's increased, something went wrong.

You may also want to get the error that occurred. Good news, you can use the variable $error[0].

For any other stuff, take a look at the other members and properties of the $error variable.

Java Update Group Policy

For quite some time now I have users that complain about the Java update notifications and want me to log in and update with my credentials.

Since there is not need to have the latest Java version available as soon as possible, I decided to create a group policy object and disable the update notifications and process for all client computers.

I will of course continue to update Java on those computers manually.

There are two ways to do this, either create a ADM file with the settings or just add the changes as registry settings.

I decided to create a new group policy object with just the registry settings.

The keys you have to change are different for every combination of processor architecture and java architecture. Thus, you have three cases:x64 Windows and x86 Java
Set REG_DWORD with name EnableJavaUpdate located at HKLM\Software\Wow6432Node\JavaSoft\Java Update\Policy to 0x86 Windows and x86 Java or x64 Windows and x64 Java
Set REG_DWORD with name EnableJavaUpdate located at HKLM\Softwa…

Paging Command Results in Powershell

When a command has a lot of output, I usually pipe it to Where-Object but it's not always convenient enough...

There is a more command to which you can pipe the output of your command but the thing is that the first command has to be run in order to get the output.

A workaround for this it to pipe the output to Out-Host -Paging