This is my first question on SO, and I am have tried to avoid it, but am forced to ask. I can't use FTP, as that's insecure. I can't use FTPS, as I can't introduce expiring cert overhead. WEBDAV over https isn't an option.
What would be ideal would be a firewall friendly robocopy, as that uses windows auth.
I am looking at powershell with BITS, but can't find what port it's using or it's requirements on Windows 2012 exclusively. Older systems have stated requirements that they need IIS, but I can't find that stated on Microsoft's sites anywhere:
https://www.google.com/search?hl=en&q=site%3Amicrosoft.com%20windows%202012%20bits
I looked on here and found 56 articles related to BITS. Example: How to use BITS in Powershell to upload / download files?
I tried performing the file transfer with powershell without caring about the port, but the automation of this is problematic, as I keep getting an error:
The operation being requested was not performed because
the user has not logged on to the network. The specified service does not
exist. (Exception from HRESULT: 0x800704DD)
And ultimately, the port matters because I have to go through a firewall.
I don't want to make an assumption that the requirements from earlier versions of BITS still apply, because Murhphy's Law says I will be burned by it.
Does anyone has a possible solution to this problem? One that doesn't involve the purchase or use of non-native tools. On Linux, I would solve this with SSH, exchange some keys, and it just works. Is there anything in the windows platform that does something similar and is native to the OS?
Here's one way:
http://www.nivot.org/post/2009/11/02/PowerShell20IntroducingThePModemFileTransferProtocol
It works over a WSMAN/PSRemoting session, so you can specify the port, use HTTPS.
Related
Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.
Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.
If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.
I'm a web developer that needs to build a piece of software for my local office of about 20-30 Windows computers. It needs to automatically and silently run software updates and deployments on all computers.
The Windows computers run on a local network. I'm not sure where to start putting my hands on with something like this... I'm an experienced programmer, just need the right direction on what to read.
I know each Windows client has a Samba server, and also we're using Active Directory, but I'm not sure how that works.
How would I go about starting developing this? I'm sure there's Windows APIs for samba file transfers, but I also need to know about documentation on silently installing the .exe or whatever, and also I need APIs to know the applications running on the client to understand if they need to be updated.
Where's all these APIs?
Have a look at wpkg.org. It's license is GPL. It runs on Samba in an Active Directory. See also their feature overview.
I mentioned Samba only because you also did so. Though your exact words read: 'I know each Windows client has a Samba server [....] though I'm not sure how that works.'
In case you meant that each Windows client has access to a Samba server, my answer may be contributing to help you.
In case you thought your Windows clients are running Samba themselves, this is impossible (but my answer may help to clarify a few things nevertheless).
Here's why:
Samba is an implementation of the Microsoft SMB stack of networking protocols for Unix-oid operating systems.
SMB is what all Windows computers use natively.
why exactly you want do develop this application
there is a Microsoft product responsible for this thing . it is called SUS server
I'm looking for a way to obtain information similar to the following console applications, remotely:
net use
net share
netstat -ano
However, I need to be able to do this without running a 3rd party application on the system. This effectively rules out using psexec to execute the command remotely, because psexec would then be installed as a service.
I should add that I have administrative credentials on the remote system. I've considered using WMI's remote execution ability, but that requires me to write output to a file and then retrieve it. It's possible, but I'd like to know if anyone has a better way.
I am using Delphi 2010.
there are a couple Delphi WMI components that allow remote access. I have not used the remote options personally though.
MagWmi - http://www.magsys.co.uk/delphi/magwmi.asp (Delphi 2010 support, and free with source)
WMISet/NTSet - http://www.online-admin.com/ntset.html (TNTShare
Manages shared resources on a local computer and remote hosts. Using this component you can change list of shared devices, see files that have been opened by remote users, watch and terminate remote sessions opened to the destination computer, change list of mapped network drives. It is not free.)
GLibWMI - Found at Torry.net, home page not available. (Delphi 2010 support and Freeware with source). Not sure if its capable of remote access. I have not used it.
Hope this helps
I think the same as Logman.
You can access this information using WMI.
GLibWMI components can be found on this website (http://neftali.clubdelphi.com) or sourceforge (http://sourceforge.net/projects/glibwmi/).
The current version is 1.8b and has a component called SharedInfo with which you can get that information.
The source code is available so you can expand it to access other WMI classes if necessary.
Regards.
P.D: Sorry for my mistakes with english.
You can enumerate shares using the NetShareEnum function (headers are in the Jedi Apilib).
I assume there must be an api for the "net use" but I have never used it (check the WNet functions). Alternative is to use the EnumNetworkDrives method of the WshNetwork com object.
As for netstat I don't think it's possible to do that remotely (other than using some kind of method to spawn a process remotely).
I need to provide an update to application data as a download from a website. The update would actually just be the replacing of some data files with some updated ones.
The update, which I assume would be some sort of setup package type program, would need to be able to do the following:
access the file system and registry
to determine where files should be
copied to
supply the files to be copied
provide strong security so the data files cannot be downloaded or used by the wrong people
What would be best way to achieve all of the above?
I would suggest to use either
Java Web Start, for Java
ClickOnce Deployment, for .NET
These technologies are meant to distribute software over networks.
(I think that developing something similar yourself can turn to be something rather complicated.)
There are a number of comprehensive update manager and delivery services available from commercial software vendors if you don't want to write something from scratch yourself.
TrueUpdate
InstallShield
ClickOnce
... plus more, I'll leave you to research yourself :)
Your choice will depend on your chosen language, existing setup methods, targeted operating systems and budget.
We just use standard MSI installers/upgrades and wrote our own update manager/update delivery service. You'll need to weigh up own resources and development expense to decide if it's worth purchasing a commercial product, or developing something in-house.
I've used AdvancedInstaller - a very capable free version is available. It is a fully-fledged MSI installer, so it can read/write to the registry and install files to "Program Files" that normally requires admin privileges. It also supports application updates out of the box. You can publish updates and have them automatically downloaded and installed.
As to security, this is not really the realm of an Installer but part of the webserver where you host the files. You could use a password protected folder, or for stronger prevention, client SSL certificates. The latter would work well with automatic updates.
An alternative is to string together a solution from a number of readily available components:
use a batch file to perform the download that is executed regularly. You can schedule batch files using the Windows Task Scheduler.
The batch file will use the Windows REG command to read values from the registry, and use those values to invoke rsync. rsync is a file synchronization command that can be run through ssh. If you configure ssh with public key authentication, you restrict access to specific clients of your choosing, while allowing automated access (no password required.) The key with rsync is that if the files are up to date, no download is performed.
This article explains how to sync files from a server to a notebook using rsync and ssh, and explains how to set up rsync and ssh using Cygwin.
See also
Windows REG command
ssh (Wikipedia) and openssh manpages.
rsync manpage
I have decided to go with Subversion for a source control repository for my personal and side projects and I'm now trying to decide what OS to use. Currently my file server for my home network is Windows 7 beta. I'm wondering if I should wipe it and install Windows Server 2008 instead? Basically I'd like to know if there are things I could take advantage with a server OS that I can't with Windows 7. First thing that comes to mind is accessing subversion remotely with a VPN connection.
I'm a .net developer, but have dabbled in Linux a bit so I'm not completely turned off to the idea of an ubuntu or debian server...
I imagine the installation and configuration process might go off with fewer hitches if installed on Linux, just because of the package management, but that's assuming some experience with the package system of $whatever_distro. If you're comfortable with Windows, Subversion works perfectly well on there. I've set it up on both, but prefer the Linux installation process (easier Apache integration, in my view), but I had pre-existing Linux experience.
If you're familiar with Windows, I bet you'll find the installation and configuration process easier there. As others have said, many of the tools are cross-platform.
You can run a Subversion server on Windows or Linux (or whatever) so it really doesn't matter. Pick whichever one you already have and feel most comfortable with. Since you are a Windows developer I see no real reason to toss Linux into the mix though.
If your goal is to minimize the amount of work you put into the maintenance of subversion, go with the OS you are most comfortable with. Many maintenance scripts, and subversion hooks are written and available in perl and python which are available for both windows and linux.
One advantage to the Windows server OSes over their client counterparts is that the client OSes are limited as to the number of inbound connections. If you are going to be the only person working on the repo, this may not make a difference. However, if there are multiple people, then this would be an issue. XP Pro/Vista Ultimate are limited by Microsoft to 10 inbound connections. I cannot speak for Windows 7.
To make life easy, try VisualSVN Server. For personal projects there's no reason to setup a separate server just for SVN.
Windows 7 will be able to host Subversion with no problems whatsoever..
If your file-server is already setup and working under Windows 7, I'd say stick with that.. Adding SVN is no reason to install a new OS
You don't need a server at all to use subversion.
If you've already got a file server on your home network, and you're doing this only for you and your personal projects, just use a subversion client such as TortoiseSVN and create your repository (or repositories) on your file server via network share (or mapped network drive, etc).
I wouldn't recommend this for multi-user setups (unless each has their own repository), but for a single user this is the simplest option. And using this approach, to answer your question, you wouldn't gain anything by switching to a server OS such as Windows Server 2008.
I'd actually recommend going with a hosted Subversion provider instead of setting up Subversion on Windows or getting a second server for that purpose. I work for ProjectLocker, but if you Google "subversion hosting", you'll see there are a number of providers that offer free or reasonably priced solutions. The advantages:
It's a hosting provider's primary job to keep your code safe, secure, and accessible, so they focus on uptime, backups, and security monitoring so you don't have to
You don't have to learn how to be a system administrator or Subversion administrator; several providers have user interfaces that make it easy to manage users and permissions.
Hosting instead of DIY lets you focus on what you actually care about: writing great software
I suggest you take a look at ProjectLocker and some of the other providers and decide which one is right for you. You may decide that doing it yourself is the best option for you, but for many people in your situation, a hosted solution has met their needs.