Welcome to The Power Admin, The Power Administrator. This is the blog of two Power Administrators. Not only PowerShell administrators. We both have been in the IT business for a long time and are therefore administrators with power.
This is the home of Fredrik "Dalle" Wall and Fredrik "DXter" Jonsson. Read more about us in the About section.
… that is what my girlfriend said to me when she checked our mail at home. Two months ago, Eyal Webber-Zvik, a Project Manager at SCsquare (SC²), contacted me and made me the offer (and gave me the pleasure) of sending me a couple of smartcards from his company for evaluation and testing. He mainly just wanted to get some feedback regarding their smartcards from the field and real life, from a PKI geek just like myself.
Yes, they are being installed from Windows Update through the smart card plug and play feature in Windows 7, just like the Gemalto .NET cards! That is so cool! We like that a lot!
To be honest, it didn’t cross my mind a single time that I had changed smart cards to these Apollo OS cards during all my tests! They are completely transparent and just as fast and cool as Gemalto .NET. However, I really like the administrative website that Gemalto provides for free to their .NET card customers. Hopefully SC² will provide something similar to their customers who don’t have ILM 2007 (or Forefront Identity Manager 2010 as it is now called).
Another cool feature of these cards is that you can have different PINs for Digital Signature, Encryption, Authentication, etc., based on key container, which is awesome!
Today, one of my customers had the need to uninstall Symantec Corporate Edition using a script that runs 100% unattended, to be able to replace the antivirus software with another one. My first thought was that this was a piece of cake, since I knew that the Symantec software installs through an MSI package. Because of that, I thought that I could just tell msiexec to uninstall the software using its GUID.
But Symantec Corporate Edition also has an “uninstallation password” that needs to be entered at a prompt during the uninstallation to be able to continue uninstalling the software, regardless of whether you are a local administrator or not. But after a 5 minute investigation, I found out that the requirement of the uninstallation password is decided by the presence of a registry key. Since I was a local administrator of my test machine at my customer, I simply changed the following registry keys' values to 0 using cmd:
After I made that change, I could uninstall the software without any problem at all, regardless of whether I knew the uninstallation password or not. (Even though the password is also stored in the registry.) All I needed to run was: msiexec.exe /uninstall {7C9E6E52-EB11-44DB-A761-82D5D873A8D9} /q /norestart remove=all
Unfortunately, the uninstallation of Symantec Corporate Edition did NOT uninstall Symantec Live Update, since it apparently was not included in the MSI package. So I had to uninstall it separately using:
After that, all I needed to do was to restart the computer with shutdown -r -t 0.
So Symantec, my question to you guys is: “What is the point of trying to prevent a local administrator from uninstalling the software using an uninstallation password, when he or she can change that requirement anyway?”
Often when I try (or develop) cool things regarding PKI, I very rarely use “real” certificates during the testing/evaluation. During many of my tests when I need certificates for signing, encryption or authentication, I use self-signed certificates. To simplify the creation of those certificates (which are for testing purposes only) I have made a simple cmd-based wizard (which calls makecert.exe and certutil.exe) to do the job for me.
You also have the option to create a Smart Card Logon certificate directly on a smartcard if the smartcard is using the Base CSP.
The wizard will prompt you for input such as name, e-mail address, etc., and then generate the certificate in the user's personal store when enough input has been entered. Besides generating a self-signed certificate, the wizard also exports the certificate (without the private key) and imports it to the TrustedRoots store for the current user. If you are creating a code signing certificate, the certificate is also copied to the TrustedPublishers store and if you are creating an S/MIME certificate, the certificate is also copied to the AddressBook store. Please note that it also runs without the need for any administrative privileges.
I will post it here in a few days, so until then, please let me know what you people think and what you guys want in the wizard, and maybe I can implement it before it gets released. If you want to beta test it, send an e-mail to dxter [at] poweradmin [dot] se.
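The flow described above (create in the personal store, export the public part, trust it for the current user only) can be sketched as follows. This is an added example and not the author's wizard; it assumes makecert.exe (Windows SDK) and certutil.exe are on PATH, uses constructed sample values for the name and e-mail address, and uses the system store names Root and TrustedPublisher.

```powershell
# Added sketch, not the author's wizard. Assumes makecert.exe (Windows SDK)
# and certutil.exe are on PATH; all names and values below are constructed.
param(
    [string]$Name  = 'Test User',
    [string]$Email = 'test.user@example.com',
    [ValidateSet('CodeSigning', 'SMIME')]
    [string]$Purpose = 'CodeSigning'
)

# EKU OID, key type and the extra store each purpose is copied to.
$profiles = @{
    CodeSigning = @{ Eku = '1.3.6.1.5.5.7.3.3'; Sky = 'signature'; Extra = 'TrustedPublisher' }
    SMIME       = @{ Eku = '1.3.6.1.5.5.7.3.4'; Sky = 'exchange';  Extra = 'AddressBook' }
}
$p = $profiles[$Purpose]

# 1. Self-signed certificate with its key in the current user's personal (My) store.
& makecert.exe -r -pe -n "CN=$Name,E=$Email" -ss My -sr CurrentUser `
    -eku $p.Eku -sky $p.Sky -len 2048 -a sha256
if ($LASTEXITCODE -ne 0) { throw "makecert failed with exit code $LASTEXITCODE" }

# 2. Locate the certificate just created (newest match on the subject name).
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like "*CN=$Name*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for CN=$Name found in CurrentUser\My" }

# 3. Export the public part only; the private key never leaves the My store.
$cerPath = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
[IO.File]::WriteAllBytes($cerPath, $cert.Export('Cert'))

# 4. Trust it for this user only. Windows shows a confirmation dialog for Root.
foreach ($store in 'Root', $p.Extra) {
    & certutil.exe -user -addstore $store $cerPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -addstore $store failed" }
}

# 5. Print the cleanup commands so the test root does not linger after testing.
'My', 'Root', $p.Extra | ForEach-Object {
    "certutil -user -delstore $_ $($cert.Thumbprint)"
}
```

Because the certificate lands in the current user's Root store, anything signed with its private key is trusted by that user until the printed cleanup commands are run.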
I must say that Microsoft had really done a great job with it. Thank you for letting me stand there and represent the Scandinavian PowerShell User Group.
A picture of me standing in the booth. The picture was taken by Jan Viderén.
The two questions that came up most about my being there and representing the group were:
Have many people registered?
Why are you standing there?
No, we did not get lots of new members, but we made people curious, and we will send out e-mail with information about the group to them, and I will also send information about good sites to those who were interested in that.
Why I am at TechDays for the second year in a row is a simple question. I am there to answer questions about PowerShell, inform about PowerShell, listen to opinions about PowerShell, network and meet people in the industry.
Some reflections and thoughts that I took with me after this are that we should probably start thinking about whether there should perhaps be local user groups instead of a single one for Scandinavia.
During TechDays, those who stopped by the booth could see a small demonstration of what you can do with PowerShell and the .NET Framework, in the form of a Twitter status client in 100% PowerShell code.
A picture of my little PowerShell application “in action”. The picture was taken by Jan Viderén.
A picture of the booth on day two. The book that Niklas Goude had written and the candy I offered attracted quite a few people.
We also had a competition where we raffled off the book. It was won by Mats Hultgren at Täby Kommun, congratulations Mats.
Since it was a raffle for a PowerShell user group, I did the draw with the help of PowerGUI Script Editor and the following one-liner: Get-Random -Min 1 -Max 14.
I had all the participants in a text file that I opened in PowerGUI Script Editor, then I ran the one-liner in another window and got the number 3, which corresponded to Mats's line.
Simple and a little geeky
Now all that remains is to get the book off to the winner.
For those of you who asked where to get hold of the book, take a look at http://www.powershell.se, where there is more information about it.
Thanks to Niklas and Zipper for letting us raffle it off. Many people were interested.
Finally, I just have to say that Henrik Shyfert was really fun to see on stage.
Below are all the pictures that are on Flickr and tagged with TechDaysSE.
I am very happy to report that many people seemed to be interested in Windows security during #TechDaysSE. Many people very much appreciated both my and Hasain’s advice about Windows security, and our very cool giveaways, which were smart cards and card readers. Hasain also had a session during #TechDaysSE, called “Next Generation PKI”, which was excellent! I was lucky to get a chair to sit on during it, because the place was packed! Anyway, we are both happy and satisfied with TechDays. We even recruited some people to WINSEC.
Hasain and DXter with only two smart cards and readers left!
In between a lot of work things and private things, I have been tinkering with a small, simple Twitter status client for TechDays 2010 in Örebro.
And just in time for the evening before the start of TechDays, it is finished.
It is a simple client whose default tab shows the 50 latest Twitter messages about #TechDaysSE.
And the tab Top 50 Twitters about #TechDaysSE shows the top 50 among the latest 100 messages about #TechDaysSE. Twitter does not seem to like returning more than 100.
Send me a direct message on Twitter (@walle75) if you are interested in this PowerShell application.
And it will be available in the booth for The Scandinavian PowerShell User Group.
I have for a very long time tried to explain to people that network security using pre-shared keys is a false feeling of security (you should look at PKI-based solutions instead)! Many people seem to think that you must have one of those evil hacking tools (that your antivirus probably will detect) to be able to get your password for your WLAN from your computer in a clear text format. But that is incorrect, we can actually do this with built-in tools in Windows.
For example, the following one-liner uses netsh to reveal your WLAN password and uses PowerShell to sort out the security information and dump it into a text file in the folder in which you are executing the command. This command should be executed in an elevated PowerShell prompt.