PowerShell – The size limit for this request was exceeded

“So this sounds easy,” he said, “run me a report that gets all objects from a group based on certain attributes and export it to Microsoft Excel.”

No worries, I had that scripted for three groups to export to three different Excel files in under 10 minutes – until I ran it and came across “Get-ADGroupMember : The size limit for this request was exceeded”.

Okay, so I started doing some research, thinking “this is just a speed bump” and I’ll sort it out in five minutes! I came across hundreds of people with the same issue and found “workarounds”, none of which worked.

I thought it might be best to publish this to the public in case someone else comes across it.

Now just to let everyone know if they know the answer already or have other solutions – I cannot go changing the maximum value and time limit on all the Domain Controllers.

The code:

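$group = "GroupName"
# Enumerate users under the search base and filter on memberOf instead of calling Get-ADGroupMember
Get-ADUser -Filter * -SearchBase "DC=domain,DC=local" -Properties * |
    Where-Object { $_.MemberOf -match "$group" } |
    Select-Object Name,SurName,GivenName,department,mail,pager,division |
    Export-Csv C:\Output\report.csv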

Note: You will need to change the search base to match your domain

I’m getting the attributes “Name,SurName,GivenName,department,mail,pager,division” for this particular report but you can modify to your requirements.

Obviously you don’t need to do this for getting members of groups with under 1,500 objects.

Blocking Postfix traffic using Fail2ban

So if you are reading this then you have probably seen what appears to be every bot in China connecting to your Postfix server to attempt anything from relaying to auth attacking.

Well, have I got the solution for you!

Now before you implement this, I will warn you, this is very restrictive, it doesn’t really give any room for client error but believe me, your iptables will be full of blocked hosts in no time!

At a minimum I would suggest you have iptables configured to ignore some CIDRs (like your cell network, home outside IPv4, work address etc.) so that you don’t block yourself from the server.

Not all of these have to be implemented; if you don’t see the need for one, don’t add it.

Assumptions

I will assume you have a working environment. I’m specifically using Ubuntu 16.04.3 LTS; because Postfix potentially logs differently depending on the version, I can only say that these regex filters work for this flavor. I use Postfix 3.1.0; to check the version you use:

postconf -d | grep mail_version

You will need:

  1. Ubuntu 16.04 LTS
  2. iptables installed
  3. postfix installed and configured to receive mail
  4. fail2ban installed and basic jail configuration setup

Jails

Like I said before, these are quite brutal; you can change the bantime and maxretry values as you see fit.

[postfix-auth]
enabled = true
filter = postfix-auth
port = smtp
logpath = /var/log/mail.log
maxretry = 3
bantime = 604800

[postfix-rbl504]
enabled = yes
port     = smtp
logpath  = /var/log/mail.log
maxretry = 2
findtime  = 86400
bantime = 604800

[postfix-rbl450]
enabled = yes
port     = smtp
logpath  = /var/log/mail.log
maxretry = 2
findtime  = 86400
bantime = 604800

[postfix-rbl550]
enabled = yes
port     = smtp
logpath  = /var/log/mail.log
maxretry = 2
findtime  = 86400
bantime = 604800

[postfix-rbl454]
enabled = yes
port     = smtp
logpath  = /var/log/mail.log
maxretry = 2
findtime  = 86400
bantime = 604800

[postfix-rbl554]
enabled = yes
port     = smtp
logpath  = /var/log/mail.log
maxretry = 2
findtime  = 86400
bantime = 604800

Filters

Filters need to be placed in the “/etc/fail2ban/filter.d” folder. The file name needs to match the jail name, e.g. postfix-rbl554 = /etc/fail2ban/filter.d/postfix-rbl554.conf

I know some of these regex queries might look like duplicates but I want to make sure that all conditions are met regardless of string.

postfix-auth

[Definition]
failregex = lost connection after AUTH from (.*)\[<HOST>\]
            lost connection after EHLO from (.*)\[<HOST>\]
            lost connection after EHLO from(.*)\[<HOST>\]
            lost connection after EHLO from unknown (.*)\[<HOST>\]
            lost connection after EHLO from unknown(.*)\[<HOST>\]
ignoreregex =

postfix-rbl504

[Definition]
failregex = reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname; .*$
            NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 <\S+>: Helo command rejected: need fully-qualified hostname; .*$
            NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2
ignoreregex =

postfix-rbl450

[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1
            NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.8
            NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.8
ignoreregex =

postfix-rbl550

[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 550 5\.1\.1
            NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 550 5\.1\.1
            reject: RCPT from (.*)\[<HOST>\]: 550 5\.7\.1
            NOQUEUE: reject: RCPT from (.*)\[<HOST>\]: 550 5\.7\.1
ignoreregex =

postfix-rbl454

[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
	    NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1
	    reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1
ignoreregex =

postfix-rbl554

[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/smtpd
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1
ignoreregex =
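
A quick way to sanity-check filters like these before enabling the jails, as an added example that is not part of the original post: the Python script below runs a few of the patterns over constructed Postfix log lines and reports, per jail, which hosts would reach maxretry and which patterns never matched. The <HOST> expansion is simplified to IPv4 and findtime is ignored (both assumptions).

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption; the
# real expansion also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# jail -> (maxretry, failregex). Patterns follow the filters above; the ELHO
# one is included to show how a pattern that can never match is reported.
JAILS = {
    "postfix-auth": (3, [r"lost connection after AUTH from (.*)\[<HOST>\]",
                         r"lost connection after ELHO from (.*)\[<HOST>\]"]),
    "postfix-rbl504": (2, [r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2"]),
    "postfix-rbl554": (2, [r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1"]),
}

# Constructed Postfix log lines using documentation address ranges.
PREFIX = "Jan 10 03:12:44 mail postfix/smtpd[2211]: "
AUTH = "lost connection after AUTH from unknown[203.0.113.7]"
R504 = ("NOQUEUE: reject: RCPT from unknown[192.0.2.55]: 504 5.5.2 <localhost>: "
        "Helo command rejected: need fully-qualified hostname;")
R554 = ("NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 Service "
        "unavailable; Client host [198.51.100.23] blocked using rbl.example.org;")
EHLO = "lost connection after EHLO from unknown[203.0.113.9]"
SAMPLE_LOG = [PREFIX + s for s in (AUTH, AUTH, AUTH, EHLO, R504, R504, R554)]

def evaluate(lines, jails):
    """Per jail: hosts that reach maxretry, and patterns that matched nothing.
    Assumes every line falls inside one findtime window."""
    report = {}
    for jail, (maxretry, failregex) in jails.items():
        compiled = [re.compile(p.replace("<HOST>", HOST)) for p in failregex]
        failures, hits = Counter(), Counter()
        for line in lines:
            for raw, rx in zip(failregex, compiled):
                m = rx.search(line)  # unanchored search, as these patterns expect
                if m:
                    failures[m.group("host")] += 1
                    hits[raw] += 1
                    break  # count one failure per log line
        report[jail] = {
            "ban": sorted(h for h, n in failures.items() if n >= maxretry),
            "dead": [p for p in failregex if hits[p] == 0],
        }
    return report

if __name__ == "__main__":
    for jail, result in evaluate(SAMPLE_LOG, JAILS).items():
        print(jail, result)
```

On the server itself, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-auth.conf runs the real filter against the real log.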

Conclusion

Obviously, this is not a silver bullet; you should try this along with Postfix RBL blocking and something like SpamAssassin for optimal results.

If you really want to clean up your logs and stop wasting resources processing bot attacks then this will really come in handy, but just beware you might block a source you aren’t meant to.

Citrix XenApp – Present Linux Applications To Users

Why stop at virtualising your Microsoft applications when you can expand to Linux?

That’s what I asked myself before working out how to present Linux applications (in particular Kali Linux tools). I couldn’t find any guidance on the interwebz about it and certainly didn’t see any write-ups from Citrix themselves, so I thought I’d just give it a go and see how far I’d get.

Requirements

  1. Working Citrix XenApp farm (mine is 6.5 and I’d assume newer versions would work)
  2. A working Linux server with a desktop installed, the application you wish to publish installed and OpenSSH installed, listening on port 22 and allowing users to log in.
  3. Putty.exe placed on the Citrix XenApp App server in a publicly accessible place

Xming

Xming is a free X window server for Microsoft Windows. It allows one to use Linux graphical applications remotely. We will utilise this application in the Citrix XenApp environment to open applications on the remote Linux server.

Publishing

1. Install Xming on Citrix XenApp application server from https://sourceforge.net/projects/xming/
2. Publish Xming as any usual application and assign it to all users that will require running Linux apps on Citrix XenApp
3. Create a plain text file in a publicly accessible place, name it after the application with a .txt extension, and in the file put the command to run that application.

4. Create a new published application in Citrix and name it the name of the Linux application
5. Type is “Application” and “Accessed From Server”
6. Point to your putty.exe and add the following: “-l %username% -pw %password% -X -m %pathtotextfile%”

Example:

D:\Programs\Putty\putty.exe -l root -pw changeme! 10.65.10.43 -X -m d:\Programs\Putty\iceweasel.txt

So what Putty does is log into the Linux server with the credentials specified, allow X Windows passthrough and run the command in the text file – super simple 🙂

The rest of the application settings are how you would normally publish applications.

User Procedure

1. Run Xming, select “Multiple Windows”, “Start No Client”, don’t change additional settings, Finish (or next, next, next, finish) AKA don’t touch anything and do defaults!!


When that is running, an Xming icon will appear in your taskbar.

2. Launch the published application (a Putty window will appear, do not close this until you have finished with the application).

Conclusion

This is an excellent way to bridge the gap between users running Microsoft Windows and running open source applications.

As always, happy to answer questions and comments below.

 

Automatically Upload Desktop, Documents and Downloads to Dropbox from your Mac

If you would like to automatically upload your Desktop, Documents and Downloads to your Dropbox from your Mac, follow this nice little trick:

I will be using the “Documents” folder as an example:

Open Terminal (Spotlight/Terminal)

Change directory to your Dropbox folder (by default it is in the user’s home directory)

Create the symbolic link from your user’s Documents folder to Dropbox

ln -s ~/Documents

(Mine already exists)

Repeat for any other folders you want to back up automatically to Dropbox.

Fix resolution for VMware Fusion Unity

This is for VMware Fusion version 7.1; it might work with other versions, but that has not been tested.

I’m just doing a quick write up about how to fix the annoying resolution problem when running applications in Unity on VMware Fusion. This issue just keeps coming back (after installing VMware Fusion) and I can never remember how to fix it. It’s obvious when you see it but it isn’t when you are in a panic trying to fix it!

Under the virtual machine, click settings

Click on Display

Click on “Use full resolution for Retina display”

VMTools will prompt you to log off

Now go into Unity view and you will now see things without a microscope!

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.