SharePoint User Full Control – Site has not been shared with you

I’ll keep this one short. After my recent SharePoint migration (ahem, 1 web app out of 6 I have yet to complete), I noticed my standard user account was not able to add pages to my new 2016 site. A little different than this blog post about being unable to edit, however the fix was exactly the same.

  1. First ensure you have site collection admin rights on the site collection in question.
  2. Load the site with this account (I noticed there’s only logout, and no longer sign in with another user under the user hamburger menu, so open a browser as the user with site collection admin rights).
  3. Go to Site Settings -> Master pages and page layouts
  4. In his case, as well as mine, the library had unique permissions (not sure why; I have yet to log into my old SharePoint page and see if it was like this from before the migration). Simply make it inherit permissions from the root site.

I was able to find this info from TechNet. I’m on there quite frequently, feel free to check out some of my posts. 😀 Maybe there’s a way I can add my TechNet profile to the WordPress social links. 😀 Stay tuned.

Spectre Meltdown

If you’re reading this then chances are more than likely you’re looking up information on the two biggest vulnerabilities to be announced since Heartbleed.

Now there is just a ton of people talking about these vulnerabilities, I’m going to try and avoid all the real technical mumbo jumbo.

First things first… are you affected?!

*Shakes 8 ball* Most Likely.

Now you might be wondering, “How can that be?!” Well, first let’s talk about Meltdown. Meltdown apparently affects Intel chips only. In short, it’s a weakness in memory handling with the CPU. Do you have an Intel chip running your computer? Chances are more than likely. Running Windows? Well, you’re in luck: Microsoft is making sure your OS is safe, but at what cost? Maybe a slower system than ever… No, AMD then? Well OK, you may be safe from Meltdown, but you’re still vulnerable to Spectre, and guess what? Microsoft isn’t able to help you get patched either, well, apparently if you happen to be running an old AMD chipset.

Not sure how well Intel will do following this, but the odd shares sales by the CEO def don’t look like good signs…

Alright, now back to Spectre.

Well, to start off, to say it simply… never assume, it makes an ass of you and me. Now you’ve probably heard this saying before, and you probably might be wondering why I’m even saying it. Well, this vulnerability revolves around the CPU’s algorithm (Speculative Execution) to assume a result based on repetition of previous outcomes of the same operation.

Crazy how these are totally physical based vulnerabilities (at the CPU chip) which affect them all going back super far… how far back? Well, I had to dig a lil deeper into the interwebs via Google (so they know what I’m all about lol) and discovered that the Pentium Pro was the first. Now I’m simply going on the author’s words here, but finding sources from so long ago even today can be rather difficult, so I’ll simply take his word for it. The blog is actually a great read and covers the aspect of the vulnerability very well. However, he goes on to say it’s all about Meltdown, when it might be about Spectre?

Either way… it’s a Spectre Meltdown.

If anyone’s running a HP Spectre laptop with an Intel chipset, and it starts melting down, that’d be quite the coincidence. 😛

Happy hacking! Start writing some javascript based if code to exploit these assuming chips 😉

Adding a static host record to PiHole

Adding a record:

pihole -a hostrecord home.consto.com 192.168.1.10

Removing a record:

pihole -a hostrecord

*UPDATE* This only adds one record, and doing this command a second time removes the old record. For multiple records hosting on a PiHole, here’s the main deets as provided by llauren:

With a little configuration, you can use your pi-hole as the DNS server for your LAN, if, for example, your router isn’t doing a very good job serving local names. Here’s how:

Create a second dnsmasq configuration file:

% echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf

(that % is for whatever your system prompt is; don’t type it out :wink: )

After this, create a “hosts file” for your network /etc/pihole/lan.list with the format ipaddress fqdn hostname, eg

192.168.1.40     marvin.your.lan  marvin
192.168.1.41     eddie.your.lan   eddie
192.168.1.42     hactar.your.lan  hactar

…substituting “your.lan” for whatever you want your domain name to be.

On your DHCP server (most likely your router, though pi-hole indeed can be configured into one), you’ll also need to set your search domain to whatever “your.lan” corresponds to.

Finally, restart your name server:

% sudo pihole restartdns

Additional thoughts

  • If all this domain name stuff confuses you, you can leave it out and live a domain-less life on your LAN.
  • While you certainly can serve any name, also of hosts outside of your LAN, you probably can’t outsmart Netflix to play shows from outside your geographical area :slight_smile: . Drop that thought. It’s probably against their TOS and you might end up losing your Netflix account.
  • The dnsmasq manual page 765 suggests the configuration option hostsdir, but this didn’t work on my raspi. Possibly I was just incompetent.”
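
A pre-flight check for the lan.list file described above, to run before `pihole restartdns`, since dnsmasq will serve whatever the file says. This is an added example, not part of llauren's post or of Pi-hole itself: the function name `check_lan_list` is hypothetical, the sample file is constructed, and treating a short name that differs from the FQDN's first label, or one FQDN with two addresses, as an error is an assumption drawn from the sample lines above.

```sh
#!/bin/sh
# check_lan_list FILE: validate "ipaddress fqdn hostname" lines (hypothetical helper).
# Prints one line per problem; returns non-zero if any problem was found.
check_lan_list() {
    awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; errs++ }
    function valid_ip(ip,    o, n, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if ((o[i] !~ /^[0-9]+$/) || (o[i] + 0 > 255)) return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    NF != 3 { bad("expected 3 fields: ipaddress fqdn hostname"); next }
    {
        if (!valid_ip($1)) bad("invalid IPv4 address " $1)
        if ($2 !~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/ || $2 !~ /\./)
            bad("not a fully qualified name: " $2)
        split($2, label, ".")
        if (tolower(label[1]) != tolower($3))
            bad("hostname " $3 " is not the first label of " $2)
        key = tolower($2)                  # DNS names are case-insensitive
        if ((key in seen) && seen[key] != $1)
            bad($2 " is already mapped to " seen[key])
        else
            seen[key] = $1
    }
    END { exit (errs > 0) }
    ' "$1"
}

# Constructed sample: an out-of-range octet, a mistyped short name, and a
# second address for a name that is already defined.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# LAN hosts
192.168.1.40     marvin.your.lan  marvin
192.168.1.411    eddie.your.lan   eddie
192.168.1.42     hactar.your.lan  hacter
192.168.1.43     marvin.your.lan  marvin
EOF
check_lan_list "$sample" || echo "Fix the lines above before: sudo pihole restartdns"
rm -f "$sample"
```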

Clearing the DNS cache

This one will be nice and short. I was working on a DNS zone migration, from one domain to another. Since the zone wasn’t the parent zone of the AD domain it was in, I had two options.
One, make the new domain authoritative for the zone; once trust is established they would take over for the zone.
Or, in this case, since there were only a few records and the new AD domain was already created with the same domain name as the zone I was attempting to migrate, I figured I’d simply recreate the records manually.
Basically, set up your conditional forwarders to the new domain’s DCs, which will be authoritative for the new zone. Generally allow UDP (TCP as well if you want to be extra safe) on port 53 through the firewall, and records should resolve just fine.
In this case you’ll clearly notice that resolving the record for the transferred zone from the original domain now replies with a non-authoritative answer.
This is to be expected, as the domain’s DCs that you are associated with (and generally your DNS settings, configured via DHCP of course) are no longer controlling the zone (adding/removing/editing records).
Again, as is to be expected, these are now managed via the new domain which the zone was transferred to.

So lo and behold, I messed up one of the records’ IP addresses. So sure, it’s super fast to adjust and force replication, however replication would be domain/forest wide. Which, even though I did on both domains, I found my previous DCs would update the non-authoritative answer.
I triple checked all systems in the new domain could get the proper reply from the DC/DNS servers. So what gives? Why were the old DCs’ DNS servers replying with the old IP address, when the conditional forwarders were set up to query the proper DNS servers and they were 100% holding the correct IP address?
The answer? Cache? Yup, the lovely blessing and nightmare that is cache. So what does any regular workstation admin try… yeah, you guessed it, “ipconfig /flushdns” (c’mon, we’re talking AD here, which is Microsoft specific AFAIK). Do a query from your old domain DCs and yet the record is still the old IP address?!?!
What gives? Well… in this case ipconfig /flushdns is only used for clients. You may be wondering, isn’t the old DC a client in this case? Yes/No. It’s still a DNS server, and it still needs to answer queries it receives; the command provided would help if simply doing a query (yes, we are doing a query, but for a record it needs to hold a record for to reply with).
Just to stop beating around the bush, as a DNS server it needs to clear its own cache, the records it retains to provide to requesting clients. This is a different command. In this case it’s dnscmd /clearcache.
That’s it, do another lookup and find your old DC DNS servers showing a non-authoritative answer of the new IP address. Of course you could have also simply waited for cache to clear and replication to occur naturally… but ain’t nobody got time for that!

 1) To clear the DNS cache on a client system (Windows): ipconfig /flushdns
 2) To clear a non-authoritative DNS server’s cache: dnscmd /clearcache

Exit, Break, and Return

The Break, The Return, and the Exit are all, well, break dance moves even the newest of newcomers knows about.
Hahaha, nah, I’m just making that shit up. They are however great tools for PowerShell scripting.
However, do you know what the differences between them are, and when best to use them?

For a longer answer and some explanations visit this site. 😀
If not, whatever, here’s the quick lowdown so you can save going to that day of class. 😛

1) Break terminates execution of a loop or switch statement and hands over control to next statement after it.
2) Return terminates execution of the current function and passes control to the statement immediately after the function call.
3) Exit terminates the current execution session altogether. It also closes the console window and may or may not close ISE depending on what direction the wind is facing.

Arrays Gone Astray

I love PowerShell, and as one figures, you’ll have to deal with arrays. And when you learn them, they become a handy tool for any dev/scripter’s toolkit.
This guy covers it well. In short, do this:

PS C:\Scripts> $Fruit = @("Apple","Banna","Orange")
PS C:\Scripts> $Fruit.Add("Kiwi")
Exception calling "Add" with "1" argument(s): "Collection was of a fixed size."
At line:1 char:1
+ $Fruit.Add("Kiwi")
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : NotSupportedException

PS C:\Scripts> $Fruit = $Fruit + "Kiwi"
PS C:\Scripts> $Fruit
Apple
Banna
Orange
Kiwi
PS C:\Scripts> $Fruit.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array


PS C:\Scripts> $Fruit = $Fruit - "Kiwi"
Method invocation failed because [System.Object[]] does not contain a method named 'op_Subtraction'.
At line:1 char:1
+ $Fruit = $Fruit - "Kiwi"
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (op_Subtraction:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
PS C:\Scripts> $Fruit = $Fruit -ne "Kiwi"
PS C:\Scripts> $Fruit
Apple
Banna
Orange
PS C:\Scripts> $FruitIsFixedSize
PS C:\Scripts> $Fruit.IsFixedSize
True

Center Write-Host Output

Write-Host

It’s great and its main purpose is to, well, write to the host. Nothing more. So often people abuse it, leaving people to rant about it.
E.G. This guy and the “Gurus”
I agree with both of them in terms of displaying data, hands down. However, when it comes to simply informing the admin/user of the script, the “it displays and gets rid of that info” is efficient, and interactive (colors).

With that out of the way. I am working on a script to clear web parts from a sharepoint page via powershell.
I always like clean code and usually my scripts are interactive; for other non-interactive scripts I’d stick with Write-Output as described by the scripting guys.
However since I like to display things colorfully and neatly Write-Host is perfect!

The Problem

Turns out there’s no easy way to get Write-Host to center its output, no matter how hard I googled. This reply from James Bernie however kicked off the idea it was possible. (Link dead, here’s link to wayback machine)
There were actually a decent amount of issues with his proposed idea, when implemented. First we’ll want a static variable of the window size at start of script.
Then it turns out Bernie’s fancy full integer trick may return whole numbers, but does so as a dang string type. Instead of wasting time dicking around with another method, I simply did this trick of dividing by 1 on the variable.
The final problem with his concept, which was driving me nuts for a good while, was due to how the padding method actually works.
PadLeft adds spaces to the left of a string.
This is handy for numeric output because padding keeps the numbers properly aligned on the right.
This was exactly the problem I was facing: testing my existing function with a series of dots of different lengths, I found them all to be right aligned, and not centered.
Another issue I found was that the pipe into measure method under an expression based section of code and calling its sub routine of count ($var | measure).count wasn’t returning the correct value.
That line was pretty stupid anyway when you can simply call the length method of any variable that’s of a string type.
And the final nail in the logical coffin, the padding was again aligning more right of center than actual center due to the fact that’s what it was comparing to first in the convert.
So it made more sense to take ((Width of screen) – String.Length)/2 + String.Length; this, associated with a left and right padding, creates a centered masterpiece!!
Finally!! Here’s the final thing I had to overcome. I wanted my function to support Write-Host’s output color param.
As it turns out, overloading functions isn’t supported in PowerShell, but that didn’t stop someone from coming up with a workaround!
This guy and his buzz works… Woo Ad-hoc Polymorphism!!! OK OK… here’s my final piece of code for you guys. NOTE I didn’t do fully ad hoc polythingy, I cheated and only supported foreground color via an if else.
If you *burp* want to make it support background and foreground… Uhhhhh.. do it yourself… getting too wasted right now…

#Function to Centralize Write-Host Output, Just take string variable parameter and pads it
#Nerd Level over 9000!!! Ad-hoc Polymorphic power time!!
$pswwidth = (get-host).UI.RawUI.MaxWindowSize.Width
function Centralize()
{
  param(
  [Parameter(Position=0,Mandatory=$true)]
  [string]$S,
  [Parameter(Position=1,Mandatory=$false,ParameterSetName="color")]
  [string]$C
  )
    $sLength = $S.Length
    $padamt =  "{0:N0}" -f (($pswwidth-$sLength)/2)
    $PadNum = $padamt/1 + $sLength #the divide by one is a quick dirty trick to convert string to int
    $CS = $S.PadLeft($PadNum," ").PadRight($PadNum," ") #Pad that shit
    if ($C) #if variable for color exists run below
    {    
        Write-Host $CS -ForegroundColor $C #write that shit to host with color
    }
    else #need this to prevent output twice if color is provided
    {
        $CS #write that shit without color
    }
}

*Update* This code is being managed on GitHub, please download or fork the latest version from there, maybe one day I’ll implement background color.. :S

Installing .NET framework 3.5

This is such a common problem it’s ridiculous…

Ensure you have a Windows Installation media available (Mounted ISO, inserted DVD, whatever it takes) then run this *Replace d: with your installation media mount label*:

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:d:\sources\sxs

Allow RDP through firewall

I manage core servers often and more often than not I forget the exact syntax and objects and parameters used when doing so. Like this one:

Netsh advfirewall firewall set rule group="remote desktop" new enable=yes

Trend IMSVA LDAP Settings Account Permissions

If you’re reading this, chances are you have read this or this (if you like Wizards) … and this, only to ask yourself… “What permissions does this “admin” account need?” I mean… it says specify an admin account, right?!

“Under LDAP admin, specify the administrator account, the corresponding password and the base distinguished name”

After quick testing, turns out no, any regular domain user account worked here.