Stop Chrome (or any app) from preventing Screen Locking and/or Screen Saver

A minor problem that has plagued me for some time, I would be done for the day, leave the home office, and yet hours later all 4 screens were still left on. I hate paying for the power to leave my screens on all night plus the fact it reduces the screens longevity. Most importantly, its a security issue. I want my computer to lock when I am not at it. Many times I press Win+L to lock but sometimes I forget.

I generally leave my security cams up on the top screen, and I was fairly sure Chrome has a way of telling Windows to not go to sleep because media was playing. Well, I was right.

Detecting the Issue

Simply run this command to see what is holding up the system:

powercfg /requests

Notice there under DISPLAY: that Chrome is playing video?

The Fix

The block Chrome from preventing the computer from sleeping simply run this command (change it from chrome to another app name if its not chrome):

powercfg -requestsoverride PROCESS chrome.exe awaymode display system

Enjoy,

-Eric

PowerShell Error: The underlying connection was closed: An unexpected error occurred on a send

I got mad the other day, trying to do a simple wget (i.e. invoke-webrequest) to an Azure Function I made and I was getting:

The underlying connection was closed: An unexpected error occurred on a send

I tried switching to .NET Webclient but still same error.

What was more frustrating is that it worked on my dev machine, worked on the server I was running to code on in a browser, just not in powershell.

The Fix

Apparently PowerShell version 5 defaults to TLS 1.0. Azure Functions require TLS 1.2. The fix is super simple, just add this in your code on its own line:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Can not install Exchange Online PowerShell MFA Update due to ClickOnce Application Security Settings

If you can not install the Exchange Online PowerShell Update which enables MFA (which can be found here: https://outlook.office.com/ecp -> Hybrid -> Second Button) due to Windows not letting you install it then edit this area of the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel

Set Internet to Enabled (and if that isnt enough set them all to Enabled)

Once installed set back to Disabled

 

 

Record Hyper-V Console

Every few months thanks to Windows 10 its time to roll out a new image. This is a simple yet tedious task.  Thanks to modern day multi-tasking its easy to miss something in testing of new images. Then I have to restart the whole process wasting time.

This script will record the screen by taking screenshots every second. I suppose you could use a 3rd party tool to merge them together into a video if you really needed to.

The script includes de-duplication of images so if the screen stops moving so does the recording. That plus using JPEG format makes the images fairly small.

Oh yes, dont forget to “Run as Admin”

Enjoy!



Big thanks to Ben Armstrong for the original work on this script:

https://blogs.msdn.microsoft.com/virtual_pc_guy/2016/05/27/capturing-a-hyper-v-vm-screen-to-a-file/

Windows Update Stuck on “Searching for Updates” on Windows Server 2012 R2

This one was a nightmare. If you search the internet for “Searching for Updates” you will find a lot of pages but none that I saw had this resolution.

In my case on my server the problem was actually related to Flash updates. After working with Microsoft Support it was discovered that a large number of pending Adobe Flash updates were causing the search to never finish so the fix was to manually update Flash.  This was done by installing KB3214628

Hope this helps someone else out, this took MS Support weeks to figure out.

-Eric

Query Azure SQL Database Table via Powershell

Real quick one… I have used similar code for ages to query local on-premise SQL databases. However Azure requires the use of encrypted connections.  Here is some fully working code:

#Set Defaults (Optional) which allows you to skip defining instance, user, and password each time
$AzureDefaultInstanceName = “myUniqueAzureSQLDBName”
$AzureDefaultUserID = “myUserIDToAzureSQL”
$AzureDefaultPassword = “myPasswordToAzureSQL”

#The actual function
Function get-azureSQL (
[string]$InstanceName = $AzureDefaultInstanceName
,[string]$UserID = $AzureDefaultUserID
,[string]$Password = $AzureDefaultPassword
,[string]$Query){

$connectionString = “Server=tcp:$($InstanceName).database.windows.net,1433;”
$connectionString = $connectionString + “Database=$($InstanceName);”
$connectionString = $connectionString + “User ID=$($UserID)@$($InstanceName);”
$connectionString = $connectionString + “Password=$($Password);”
$connectionString = $connectionString + “Encrypt=True;”
$connectionString = $connectionString + “TrustServerCertificate=False;”
$connectionString = $connectionString + “Connection Timeout=30;”

$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = $connectionString

$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $Query
$SqlCmd.Connection = $SqlConnection

$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd

$DataSet = New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet) | Out-Null
$SqlConnection.Close()

return $DataSet.Tables[0]
}

#Querying Azure SQL using Defaults defined above
get-azureSQL -Query “select * from logs”

#Querying Azure SQL without Defaults
get-azureSQL -InstanceName “myUniqueAzureSQLDBName” -UserID “myUserIDToAzureSQL” -Password “myPasswordToAzureSQL” -Query “select * from logs”

Sure you can install the Azure Powershell module and then the SQL commands too but most of the time you need to get in quick and grab something, this code is super fast and works every time for me and best of all…. no installs.

If this helped you or you want to suggest an improvement, please just leave it in the commands.

Enjoy,

-Eric

Secure PowerShell Scripts running via Windows Task Scheduler using MD5 Hashes to safeguard against Tampering

Over the years the number of Task Scheduled based PowerShell scripts has increased. However, this poses serious potential security risks.

The Security Issue

Given that these tasks commonly run as a service account, with additional rights, it is a potential attack vector.

Simply changing the underlying script can allow a hacker access to anything the service account has access to.Even signing the scripts can be useless as the system can be configured to ignore signing.

The Solution

I have created this one-liner that Task Scheduler can use that will only run the script if the hash of the script matches the hash listed in the one-liner. If someone tries to change this in Task Scheduler they would be required to reenter the proper password.

powershell.exe -command if ([System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes(‘C:\temp\test.ps1‘))) -eq ‘33-CD-2A-54-ED-F3-0F-94-5F-D2-97-D9-FE-4F-45-79‘) {. c:\temp\test.ps1} else {Send-MailMessage -SmtpServer smtp.server.domain.com -From whatever@domain.com -To you@domain.com -Subject ‘Failed to Run Script – Hash Not Correct’}

Notes about One Line Script Executor

  • You need to replace c:\temp\test.ps1 with the path to your script. (two places in this example)
  • You must supply the hash of the script. (use the following command to get it)

[System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes(‘C:\temp\test.ps1‘)))

  • Script will email you if hash fails.
    • Change TO: and FROM: to match your needs.
  • Do NOT use double quotes in this script, do NOT forget that CMD will pass this to PowerShell, and will strip out double quotes.

If this helped you or perhaps you have suggestions to make it better, please do leave them in the comments.

Enjoy

-Eric

Unauthorized 401 when calling Coldfusion CFC Component WebService on IIS

If you just setup a fresh Coldfusion/IIS box and all of a sudden you check one of your CFC Component WebServices and get a 401 you are not alone!

I bet you went to the folder and triple checked IIS that Anonymous Authentication was enabled and everything else was disabled and yet still didnt work. Right about that time perhaps you start questioning everything you know in this world. I mean IIS is set to anonymous yet it’s telling you its not authenticating as if it were sent to Windows Authentication.

The Solution

Rest assured, you are not losing it. Simply you like me likely made the mistake of blanket turning on Windows Authentication at the root which in turned enabled it for the virtual folder:

/jakarta

CFC’s must pass back to this folder since they are processed server side. Anyways the easy solution is to set /jakarta folder to Anonymous Authentication.

Hey if this helped you or you know something I should add to make it better, please leave it in the comments!

-Eric

Connect to Azure SQL Database using ColdFusion 10/11/2016

My how the years fly and things change.

Even in 2017 I still find value in making quick enterprise applications in Coldfusion. However the world is a changing, many of my endpoint are beyond the boundaries of my corporate firewalls.

I have ended up with a ton of nodeJS webservices endpoints  running as docker containers in Azure jamming away data in Azure SQL. I want Coldfusion to be able to utilize that data.

The Solution

The solution is stupid easy… you can use the native Microsoft SQL Driver, no need to mess with anything else.

Go ahead put in the basics

  • Database: Name as shown in Azure
  • Server: something.database.windows.net
  • Port: 1433
  • Username: <sqlaccountname>@<databasename>
  • Password: <password>

Then for the secret sauce

  • Hit Show Advanced Settings
  • In the connection string put the following:

EncryptionMethod=SSL;Encrypt=yes;TrustServerCertificate=no;

Note: Encrypt=yes may not be needed but since its working I am not touching it.

And that’s it!

If this was helpful or have a way to make it better? Let me know in the comments.

-Eric