All organizations should be using service accounts for Specific Tasks and Services, however, some legacy systems might not be. This script will search all servers listed in servers.txt and come back with any results with the username you search

#run this script as administrator
#create a servers.txt for all the servers you want to query
$Servers = Get-Content servers.txt
#add * infront and behind username for wildcard
$user = "*administrator*"

$findings = foreach ($computername in $Servers){

    $schtask = schtasks.exe /query /s $computername /V /FO CSV | ConvertFrom-Csv | Where { $_."Run As User" -like $user} | Select TaskName
    if ($schtask) {Write-Host "`nTask" + $computername + $schtask }
   
    $displayname = Get-WmiObject -class win32_service -computername $computername |where-object startname -like $user | Select displayname
    if ($displayname){Write-Host "`nService" + $computername + $displayname }
   
}
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently had a customer on Small Business Server think someone might be logging into the server as him. To check logs in IIS for a user : 

1 )Download and install Log Parser 2.2

2 ) Copy the logs from the default Location 

C:\inetpub\logs\LogFiles\W3SVC1 

to C:\Temp\Logs\

3) Save the following as query.sql in C:\Temp\Logs\

SELECT cs-username, date, time, c-ip, cs-uri-stem, cs(User-Agent) FROM C:\Temp\Logs\*
WHERE cs-method LIKE ‘%get%’ and cs-uri-stem LIKE ‘%owa%’

Run : 

Logparser.exe file:C:\Temp\Logs\query.sql -i:IISW3C -o:CSV

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
'---pin and unpin: taskbarpin.vbs [fullpath]------
'---Example: taskbarpin.vbs "C:\Windows\notepad.exe"
If WScript.Arguments.Count < 1 Then WScript.Quit
'----------------------------------------------------------------------
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFile    = WScript.Arguments.Item(0)
sKey1      = "HKCU\Software\Classes\*\shell\{:}\\"
sKey2      = Replace(sKey1, "\\", "\ExplorerCommandHandler")
'----------------------------------------------------------------------
With WScript.CreateObject("WScript.Shell")
    KeyValue = .RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" & _
        "\CommandStore\shell\Windows.taskbarpin\ExplorerCommandHandler")

    .RegWrite sKey2, KeyValue, "REG_SZ"

    With WScript.CreateObject("Shell.Application")
        With .Namespace(objFSO.GetParentFolderName(objFile))
            With .ParseName(objFSO.GetFileName(objFile))
                .InvokeVerb("{:}")
            End With
        End With
    End With

    .Run("Reg.exe delete """ & Replace(sKey1, "\\", "") & """ /F"), 0, True
End With
'----------------------------------------------------------------------
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

List the permissions on all the folders

$OutFile = "C:\temp\Permissions.csv"
Remove-Item $OutFile -ErrorAction SilentlyContinue
$Header = "Folder Path,Exception,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile 

$RootPath = "D:\Shares\Users$"

try
{
#to add subfolders add - Recurse after $RootPath
    $Folders = dir $RootPath 2>&1 | where {$_.psiscontainer -eq $true} 
}
catch [System.Exception]
{
    $_.Exception.Message
}

foreach ($Folder in $Folders){
    
    try
    { 
        $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
        $Exception = $false 
      }
    catch [System.Exception]
    {
        $Exception = $true
        $SystemMessage = $_.Exception.Message 
    }
    Finally
    {
        Foreach ($ACL in $ACLs)
        {
             if ($Exception -eq $false) {
            $OutInfo = $Folder.Fullname + "," + $Exception  + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
             }
           else {
            $OutInfo = $Folder.Fullname + "," + $Exception  + "," + $SystemMessage
           }
           Add-Content -Value $OutInfo -Path $OutFile
       }
    }
}

Change the permissions

#######################################################
# 
# I put this script together to fix the permissions on users' home folders
# that had gotten messed up when they were moved to a new fileserver
# cluster.  After many attempts that 'almost' worked, I incorporated scripts
# from fellow SpiceHeads, most notably Martin Pugh (Martin9700).  An 
# edit or two from others, (Simon Matthews helped with the Set-ACL syntax 
# and Martin Boyle contributed the Set-Strictmode line for debugging), and
# I fixed up the logging output.
# 
# There's a couple of comments in the script that I left in but really only apply
# to the limited type of environment I was dealing with (2003 functional domain 
# with no access to the ActiveDirectory module).  (I figure I can't be the only 
# with overlords stuck in the past.)
# 
# Mike Schulman (s31064) 11/19/2015
# 
#######################################################

#Set-Strictmode -Version Latest -Verbose	##### Uncomment for configuring to your situation, then comment out again when you've got it right.

$Path = "D:\Shares\Users$"

##### Permissions adds the users/groups and the permissions they should have.  The actual User should not be added here.  
##### What's on the line below is an example only.  The format is domain\user-group:Permission.  
##### Separate additional users/groups with a comma and enclose the list in "".

$Permissions = "%yourdomainname%\Domain Admins:FullControl"

# Setup Access Rules
# $Domain = (Get-ADDomain).NetBIOSName	##### Need to set statically on next line because of 2003 limitations.
$Domain = 'ENCOM'
$AccessRules = @()
ForEach ($Perm in $Permissions.Split(","))
{	$Group = $Perm.Split(":")[0]
	$Level = $Perm.Split(":")[1]
	$AccessRules += New-Object System.Security.AccessControl.FileSystemAccessRule($Group,$Level, "ContainerInherit, ObjectInherit", 

"None", "Allow")
}

##### Setup Logging
##### Pasting this script as text into a PS command line causes the line below to throw an error and place the log file in the C:\ folder.  The script still works.

$Log = "$(Split-Path $MyInvocation.MyCommand.Path)\Set-UserACL-$(Get-Date -format 'MMddyy-hhmm').log"
Add-Content -Value "$(Get-Date): Script begins" -Path $Log
Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log

##### This is where it all starts to happen.
##### You can also modify the -Path in the Get-ChildItem line to limit the number of folders affected during testing.

$Dirs = Get-ChildItem -Path "$Path\*" | Where { $_.PSisContainer }
$UserError = @()
ForEach ($Dir in $Dirs)
{	$User = Split-Path $Dir.Fullname -Leaf
	Try
	{	Add-Content -Value "-----------------------------------------------" -Path $Log
	 	Add-Content -Value "$(Get-Date): Testing $($User): $($Dir.Fullname)" -Path $Log

##### The next line should be        $Test = Get-ADUser $User -ErrorAction Stop
##### It will test for the existence of the user before looping through the script.  I had to take it out because of the limitations of my environment.

	 	$ACL = Get-Acl $Dir -ErrorAction Stop
        
        ##### Set inheritance to no
		#$ACL.SetAccessRuleProtection($true, $false)
        #Add-Content -Value "$(Get-Date): Inheritance for $User set successfully" -Path $Log
        
        ##### Set owner to user
		#$ACL.SetOwner([System.Security.Principal.NTAccount]$User)
        #Add-Content -Value "$(Get-Date): Owner $User set successfully" -Path $Log
        
        ##### Remove old permissions
		$ACL.Access | ForEach { [Void]$ACL.RemoveAccessRule($_) }
        Add-Content -Value "$(Get-Date): Old permissions for $User removed successfully" -Path $Log
        
        ##### Set new permissions
		ForEach ($Rule in $AccessRules)
		{	$ACL.AddAccessRule($Rule)
		}
		$UserRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$Domain\$User","Modify", "ContainerInherit, 

ObjectInherit", "None", "Allow")
		$ACL.AddAccessRule($UserRule)
		Set-Acl -Path $Dir -AclObject $ACL -ErrorAction Stop
        Add-Content -Value "$(Get-Date): New permissions for $User set successfully" -Path $Log
	}
	Catch

##### This is where the errors get logged.  The first line logs them to the console, and the next two lines add them to the log file.

	{	Write-Host "Unable to process $($Dir.Fullname) because $($Error[0])" -ForegroundColor Red
		Add-Content -Value "-----------------------------------------------" -Path $Log
        		Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log
	}
}

##### This just closes the log file.

Add-Content -Value "-----------------------------------------------" -Path $Log
Add-Content -Value "$(Get-Date): Script completed" -Path $Log
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
import boto3

def lambda_handler(event, context):
# TODO implement
userID='%%%%%%%' # redundancy user account ID
ec2 = boto3.client('ec2')
volumes = ec2.describe_volumes()
ec2Resource=boto3.resource('ec2')
for volume in volumes['Volumes']:
for attachment in volume['Attachments']:
instance=ec2Resource.Instance(attachment[u'InstanceId'])
instanceName=instance.tags[0][u'Value']
print "Backing up %s in %s" % (volume['VolumeId'], volume['AvailabilityZone'])
break
snapshots = ec2.describe_snapshots(Filters=[{ 'Name': 'owner-id','Values':[userID] }])
for snapshot in snapshots['Snapshots']:
print "Backing up %s in %s" % (instanceName, snapshot['SnapshotId'], volume['AvailabilityZone'])
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Looks like the main scrapers I found are Import.io and Octoparse

import.io gives you a free 7 day account with 500 Requests

  1. ) Get a list of all products
    Navigating around the site it looks like all their products are put on pages like this : https://www.ikea.com/au/en/catalog/categories/departments/outdoor/17893/ so we need to find a list of departments and their  , Ikea actually list them here : https://www.ikea.com/au/en/catalog/allproducts/

    Enter this URL in an import.io extraction service

    Voila

  2. Create a new extractor and enter one of the products pages then choose the Edit and select the products images and other info

    Now use the other extractor from Part 1 as an input to part 2

  3. Voila

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Get a list of programs currently install 

wmic /node:<REMOTE HOSTNAME> product get name, version, vendor

How to uninstall the Program

wmic /NODE:<REMOTE HOSTNAME> product where (name=”Windows Agent”) call uninstall
 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
  1. Install : Xdebug 

Can be done by install then entering the following :  /etc/php/7.1/fpm/php.ini:

zend_extension = /usr/lib/php/20160303/xdebug.so
xdebug.profiler_enable = 0
xdebug.profiler_output_name = cachegrind.out.%t
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_dir = /tmp
xdebug.profiler_enable_trigger_value = "<super secret key>"

In order, the configuration goes as follows: load the module, disable profiling be default, set the filename, enable triggering via GET/POST parameter, output in /tmp and only profile when given the key.

Restart php-fpm and you should be good to go.

2) Use the ?XDEBUG_PROFILE=<super secret key> appended to any page you want to debug and the debug file will be put in /tmp.

3) Open the debug file using something like : https://github.com/jokkedk/webgrind  For Analysis specifically for reducing 

Invocation Count is how many times that function was called. A simple tip for reducing this is to pull out any repetitive function calls from a for-loop into a single variable.

 Total Self Cost is the total percentage or time that the function is responsible for. You can improve this by reducing code complexity, using built-in native functions or removing unused variables.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)