Tag: Security

Posted on

Stop Chrome (or any app) from preventing Screen Locking and/or Screen Saver

A minor problem that has plagued me for some time, I would be done for the day, leave the home office, and yet hours later all 4 screens were still left on. I hate paying for the power to leave my screens on all night plus the fact it reduces the screens longevity. Most importantly, its a security issue. I want my computer to lock when I am not at it. Many times I press Win+L to lock but sometimes I forget.

I generally leave my security cams up on the top screen, and I was fairly sure Chrome has a way of telling Windows to not go to sleep because media was playing. Well, I was right.

Detecting the Issue

Simply run this command to see what is holding up the system:

powercfg /requests

Notice there under DISPLAY: that Chrome is playing video?

The Fix

The block Chrome from preventing the computer from sleeping simply run this command (change it from chrome to another app name if its not chrome):

powercfg -requestsoverride PROCESS chrome.exe awaymode display system

Enjoy,

-Eric

Posted on

Secure PowerShell Scripts running via Windows Task Scheduler using MD5 Hashes to safeguard against Tampering

Over the years the number of Task Scheduled based PowerShell scripts has increased. However, this poses serious potential security risks.

The Security Issue

Given that these tasks commonly run as a service account, with additional rights, it is a potential attack vector.

Simply changing the underlying script can allow a hacker access to anything the service account has access to.Even signing the scripts can be useless as the system can be configured to ignore signing.

The Solution

I have created this one-liner that Task Scheduler can use that will only run the script if the hash of the script matches the hash listed in the one-liner. If someone tries to change this in Task Scheduler they would be required to reenter the proper password.

powershell.exe -command if ([System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes(‘C:\temp\test.ps1‘))) -eq ‘33-CD-2A-54-ED-F3-0F-94-5F-D2-97-D9-FE-4F-45-79‘) {. c:\temp\test.ps1} else {Send-MailMessage -SmtpServer smtp.server.domain.com -From whatever@domain.com -To you@domain.com -Subject ‘Failed to Run Script – Hash Not Correct’}

Notes about One Line Script Executor

  • You need to replace c:\temp\test.ps1 with the path to your script. (two places in this example)
  • You must supply the hash of the script. (use the following command to get it)

[System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes(‘C:\temp\test.ps1‘)))

  • Script will email you if hash fails.
    • Change TO: and FROM: to match your needs.
  • Do NOT use double quotes in this script, do NOT forget that CMD will pass this to PowerShell, and will strip out double quotes.

If this helped you or perhaps you have suggestions to make it better, please do leave them in the comments.

Enjoy

-Eric