Monday, October 3, 2011

PowerShell: Set-SecureAutoLogon

The module that controls the Windows login experience is called MSGina.dll. Code in this module is responsible for providing the Windows login screen, and it reads values from the following registry key to control the experience:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Specifically the following values are important:

AutoAdminLogon

AutoLogonCount

DefaultUserName

DefaultPassword

DefaultDomainName

By setting the values above appropriately, you may enable automatic login for a particular user account. However, DefaultPassword is a clear-text string! Security vulnerabilities raised by enabling automatic login aside, the password is readable to anyone after the automatic login happens!
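As an added example (not part of the original post), here is a small audit of the Winlogon values just listed, written from the defender's side: it reports whether autologon is on and whether a clear-text DefaultPassword is sitting in the registry, without ever echoing the value, and offers the matching clean-up. The function names are mine; reading the key needs no elevation, the remediation functions do.

```powershell
# Added example: audit and clean up the Winlogon autologon values described above.
$WinlogonPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    param([string] $Path = $WinlogonPath)

    $p = Get-ItemProperty -Path $Path
    $enabled = ($p.AutoAdminLogon -eq '1')
    $hasClearTextPassword = -not [string]::IsNullOrEmpty($p.DefaultPassword)

    $findings = @()
    if ($enabled) {
        $findings += "AutoAdminLogon is enabled for '$($p.DefaultDomainName)\$($p.DefaultUserName)'."
    }
    if ($hasClearTextPassword) {
        # Report presence only; never write the value itself to the console or a log.
        $findings += 'DefaultPassword is present in the registry in clear text and is readable by any local user.'
    }
    if ($enabled -and $p.AutoLogonCount) {
        $findings += "AutoLogonCount is $($p.AutoLogonCount); Winlogon decrements it on each logon and turns autologon off at zero."
    }
    if (-not $enabled -and $hasClearTextPassword) {
        $findings += 'Autologon is off, but a clear-text DefaultPassword was left behind.'
    }

    New-Object PSObject -Property @{
        AutoAdminLogon    = $enabled
        DefaultUserName   = $p.DefaultUserName
        DefaultDomainName = $p.DefaultDomainName
        ClearTextPassword = $hasClearTextPassword
        AutoLogonCount    = $p.AutoLogonCount
        Findings          = $findings
    }
}

function Remove-ClearTextAutoLogonPassword {
    # Deletes only the registry copy of the password. Do this after the password has
    # been stored as an LSA secret (as the script in this post does) or after turning
    # autologon off; otherwise the next boot simply stops at the logon screen.
    param([string] $Path = $WinlogonPath)
    if (Get-ItemProperty -Path $Path -Name DefaultPassword -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $Path -Name DefaultPassword -Force
        Write-Verbose 'Removed clear-text DefaultPassword from the registry.'
    }
}

function Disable-AutoLogon {
    param([string] $Path = $WinlogonPath)
    Set-ItemProperty -Path $Path -Name AutoAdminLogon -Value '0' -Force
    Remove-ItemProperty -Path $Path -Name AutoLogonCount -ErrorAction SilentlyContinue
    Remove-ClearTextAutoLogonPassword -Path $Path
}

# Usage: list the findings as warnings.
$status = Get-AutoLogonStatus
$status.Findings | ForEach-Object { Write-Warning $_ }
```

The check is cheap enough to run from a logon script or configuration-compliance job; the interesting finding in practice is the last one, a machine where autologon was switched off by hand but the clear-text value was never removed.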

There is a way to store the password more securely using the LsaStorePrivateData function exported by advapi32.dll. This is a native Win32 API which is not easily accessible from PowerShell. It can be called, however, by P/Invoking (platform invoking) the native API from compiled code (C#/VB.NET) using the Add-Type cmdlet introduced in PS v2. It is possible to do this in PS v1, but it requires a lot more code.

So without further ado, see the Set-SecureAutoLogon fully implemented below.

[cmdletbinding()]
param (
[Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]
$Username,

[Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [System.Security.SecureString]
$Password,

[string]
$Domain,

[Int]
$AutoLogonCount,

[switch]
$RemoveLegalPrompt,

[System.IO.FileInfo]
$BackupFile
)

begin {

[string] $WinlogonPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
[string] $WinlogonBannerPolicyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

[string] $Enable = 1
[string] $Disable = 0

#region C# Code to P-invoke LSA LsaStorePrivateData function.
Add-Type @"
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;

namespace ComputerSystem
{
public class LSAutil
{
[StructLayout(LayoutKind.Sequential)]
private struct LSA_UNICODE_STRING
{
public UInt16 Length;
public UInt16 MaximumLength;
public IntPtr Buffer;
}

[StructLayout(LayoutKind.Sequential)]
private struct LSA_OBJECT_ATTRIBUTES
{
public int Length;
public IntPtr RootDirectory;
public LSA_UNICODE_STRING ObjectName;
public uint Attributes;
public IntPtr SecurityDescriptor;
public IntPtr SecurityQualityOfService;
}

private enum LSA_AccessPolicy : long
{
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001L,
POLICY_VIEW_AUDIT_INFORMATION = 0x00000002L,
POLICY_GET_PRIVATE_INFORMATION = 0x00000004L,
POLICY_TRUST_ADMIN = 0x00000008L,
POLICY_CREATE_ACCOUNT = 0x00000010L,
POLICY_CREATE_SECRET = 0x00000020L,
POLICY_CREATE_PRIVILEGE = 0x00000040L,
POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080L,
POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100L,
POLICY_AUDIT_LOG_ADMIN = 0x00000200L,
POLICY_SERVER_ADMIN = 0x00000400L,
POLICY_LOOKUP_NAMES = 0x00000800L,
POLICY_NOTIFICATION = 0x00001000L
}

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaRetrievePrivateData(
IntPtr PolicyHandle,
ref LSA_UNICODE_STRING KeyName,
out IntPtr PrivateData
);

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaStorePrivateData(
IntPtr policyHandle,
ref LSA_UNICODE_STRING KeyName,
ref LSA_UNICODE_STRING PrivateData
);

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaOpenPolicy(
ref LSA_UNICODE_STRING SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
uint DesiredAccess,
out IntPtr PolicyHandle
);

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaNtStatusToWinError(
uint status
);

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaClose(
IntPtr policyHandle
);

[DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
private static extern uint LsaFreeMemory(
IntPtr buffer
);

private LSA_OBJECT_ATTRIBUTES objectAttributes;
private LSA_UNICODE_STRING localsystem;
private LSA_UNICODE_STRING secretName;

public LSAutil(string key)
{
if (key.Length == 0)
{
throw new Exception("Key length zero");
}

objectAttributes = new LSA_OBJECT_ATTRIBUTES();
objectAttributes.Length = 0;
objectAttributes.RootDirectory = IntPtr.Zero;
objectAttributes.Attributes = 0;
objectAttributes.SecurityDescriptor = IntPtr.Zero;
objectAttributes.SecurityQualityOfService = IntPtr.Zero;

localsystem = new LSA_UNICODE_STRING();
localsystem.Buffer = IntPtr.Zero;
localsystem.Length = 0;
localsystem.MaximumLength = 0;

secretName = new LSA_UNICODE_STRING();
secretName.Buffer = Marshal.StringToHGlobalUni(key);
secretName.Length = (UInt16)(key.Length * UnicodeEncoding.CharSize);
secretName.MaximumLength = (UInt16)((key.Length + 1) * UnicodeEncoding.CharSize);
}

private IntPtr GetLsaPolicy(LSA_AccessPolicy access)
{
IntPtr LsaPolicyHandle;

uint ntsResult = LsaOpenPolicy(ref this.localsystem, ref this.objectAttributes, (uint)access, out LsaPolicyHandle);

uint winErrorCode = LsaNtStatusToWinError(ntsResult);
if (winErrorCode != 0)
{
throw new Exception("LsaOpenPolicy failed: " + winErrorCode);
}

return LsaPolicyHandle;
}

private static void ReleaseLsaPolicy(IntPtr LsaPolicyHandle)
{
uint ntsResult = LsaClose(LsaPolicyHandle);
uint winErrorCode = LsaNtStatusToWinError(ntsResult);
if (winErrorCode != 0)
{
throw new Exception("LsaClose failed: " + winErrorCode);
}
}

public void SetSecret(string value)
{
LSA_UNICODE_STRING lusSecretData = new LSA_UNICODE_STRING();

if (value.Length > 0)
{
//Create data and key
lusSecretData.Buffer = Marshal.StringToHGlobalUni(value);
lusSecretData.Length = (UInt16)(value.Length * UnicodeEncoding.CharSize);
lusSecretData.MaximumLength = (UInt16)((value.Length + 1) * UnicodeEncoding.CharSize);
}
else
{
//Delete data and key
lusSecretData.Buffer = IntPtr.Zero;
lusSecretData.Length = 0;
lusSecretData.MaximumLength = 0;
}

IntPtr LsaPolicyHandle = GetLsaPolicy(LSA_AccessPolicy.POLICY_CREATE_SECRET);
uint result;
try
{
result = LsaStorePrivateData(LsaPolicyHandle, ref secretName, ref lusSecretData);
}
finally
{
//Zero and free the unmanaged copy of the secret as soon as LSA has it,
//then release the policy handle.
if (lusSecretData.Buffer != IntPtr.Zero)
{
Marshal.ZeroFreeGlobalAllocUnicode(lusSecretData.Buffer);
}
ReleaseLsaPolicy(LsaPolicyHandle);
}

uint winErrorCode = LsaNtStatusToWinError(result);
if (winErrorCode != 0)
{
throw new Exception("LsaStorePrivateData failed: " + winErrorCode);
}
}
}
}
"@
#endregion
}

process {

try {
$ErrorActionPreference = "Stop"

# Expose the password as plain text only for the duration of the call,
# then zero and free the unmanaged BSTR copy.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
try {
$decryptedPass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
} finally {
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

if ($BackupFile) {
# Initialize the hash table with a string comparer to allow case sensitive keys.
# This allows differentiation between the winlogon and system policy logon banner strings.
$OriginalSettings = New-Object System.Collections.Hashtable ([system.stringcomparer]::CurrentCulture)

$OriginalSettings.AutoAdminLogon = (Get-ItemProperty $WinlogonPath).AutoAdminLogon
$OriginalSettings.ForceAutoLogon = (Get-ItemProperty $WinlogonPath).ForceAutoLogon
$OriginalSettings.DefaultUserName = (Get-ItemProperty $WinlogonPath).DefaultUserName
$OriginalSettings.DefaultDomainName = (Get-ItemProperty $WinlogonPath).DefaultDomainName
$OriginalSettings.DefaultPassword = (Get-ItemProperty $WinlogonPath).DefaultPassword
$OriginalSettings.AutoLogonCount = (Get-ItemProperty $WinlogonPath).AutoLogonCount

# The winlogon logon banner settings.
$OriginalSettings.LegalNoticeCaption = (Get-ItemProperty $WinlogonPath).LegalNoticeCaption
$OriginalSettings.LegalNoticeText = (Get-ItemProperty $WinlogonPath).LegalNoticeText

# The system policy logon banner settings.
$OriginalSettings.legalnoticecaption = (Get-ItemProperty $WinlogonBannerPolicyPath).legalnoticecaption
$OriginalSettings.legalnoticetext = (Get-ItemProperty $WinlogonBannerPolicyPath).legalnoticetext

$OriginalSettings | Export-Clixml -Depth 10 -Path $BackupFile
}

# Store the password securely as the DefaultPassword LSA secret.
$lsaUtil = New-Object ComputerSystem.LSAutil -ArgumentList "DefaultPassword"
$lsaUtil.SetSecret($decryptedPass)

# Remove any clear-text DefaultPassword value left in the registry by an earlier
# configuration, so that the LSA secret is the only copy of the password.
Remove-ItemProperty -Path $WinlogonPath -Name DefaultPassword -ErrorAction SilentlyContinue

# Store the autologon registry settings.
Set-ItemProperty -Path $WinlogonPath -Name AutoAdminLogon -Value $Enable -Force

Set-ItemProperty -Path $WinlogonPath -Name DefaultUserName -Value $Username -Force
Set-ItemProperty -Path $WinlogonPath -Name DefaultDomainName -Value $Domain -Force

if ($AutoLogonCount) {
Set-ItemProperty -Path $WinlogonPath -Name AutoLogonCount -Value $AutoLogonCount -Force
} else {
Remove-ItemProperty -Path $WinlogonPath -Name AutoLogonCount -ErrorAction SilentlyContinue
}

if ($RemoveLegalPrompt) {
Set-ItemProperty -Path $WinlogonPath -Name LegalNoticeCaption -Value $null -Force
Set-ItemProperty -Path $WinlogonPath -Name LegalNoticeText -Value $null -Force

Set-ItemProperty -Path $WinlogonBannerPolicyPath -Name legalnoticecaption -Value $null -Force
Set-ItemProperty -Path $WinlogonBannerPolicyPath -Name legalnoticetext -Value $null -Force
}
} catch {
throw 'Failed to set auto logon. The error was: "{0}".' -f $_
}

}

<#
.SYNOPSIS
Enables auto logon using the specified username and password.

.PARAMETER Username
The username of the user to automatically logon as.

.PARAMETER Password
The password for the user to automatically logon as.

.PARAMETER Domain
The domain of the user to automatically logon as.

.PARAMETER AutoLogonCount
The number of logons for which auto logon will remain enabled.

.PARAMETER RemoveLegalPrompt
Removes the system banner to ensure interventionless logon.

.PARAMETER BackupFile
If specified the existing settings such as the system banner text will be backed up to the specified file.

.EXAMPLE
PS C:\> Set-SecureAutoLogon `
-Username $env:USERNAME `
-Password (Read-Host -AsSecureString) `
-AutoLogonCount 2 `
-RemoveLegalPrompt `
-BackupFile "C:\WinlogonBackup.xml"

.INPUTS
None.

.OUTPUTS
None.

.NOTES
Revision History:
2011-04-19 : Andy Arismendi - Created.
2011-09-29 : Andy Arismendi - Changed to use LSA secrets to store password securely.

.LINK
http://support.microsoft.com/kb/324737

.LINK
http://msdn.microsoft.com/en-us/library/aa378750

#>

Thursday, September 29, 2011

PowerShell: Quick Easy Encryption/Decryption

Using the Windows API we can quickly encrypt and decrypt data without much hassle.

The Windows encryption API being used here is documented on MSDN here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx

# PowerShell 2.0 does not load System.Security by default, so load it for ProtectedData.
Add-Type -AssemblyName System.Security

# Convert a plain text string to a byte array. An explicit encoding
# round-trips non-ASCII characters; casting each char to [byte] does not.
$bytes = [System.Text.Encoding]::UTF8.GetBytes("changeit")

# Encrypt the byte array. $null means no additional entropy; CurrentUser scope
# means only the same Windows user account can decrypt the result.
$encryptedBytes = [System.Security.Cryptography.ProtectedData]::Protect(
$bytes,
$null,
[System.Security.Cryptography.DataProtectionScope]::CurrentUser)

Write-Host "Encrypted Data" -ForegroundColor Cyan
Write-Host ([string] $encryptedBytes) -ForegroundColor DarkGreen

# Decrypt the data.
$bytes2 = [System.Security.Cryptography.ProtectedData]::Unprotect(
$encryptedBytes,
$null,
[System.Security.Cryptography.DataProtectionScope]::CurrentUser)

$clearText = [System.Text.Encoding]::UTF8.GetString($bytes2)

Write-Host "Decrypted Data" -ForegroundColor Cyan
Write-Host ($clearText) -ForegroundColor Red
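As an added example (not part of the original post), the same ProtectedData calls wrapped in two reusable helpers. They take and return Base64 text so the blob can be dropped into a config file, accept the optional entropy parameter that the snippet above passes as $null, and turn the CryptographicException that DPAPI raises for a wrong user, wrong scope, wrong entropy or tampered blob into a $null result. The function and parameter names are mine.

```powershell
# Added example: DPAPI helpers with optional entropy and explicit failure handling.
Add-Type -AssemblyName System.Security

function Protect-Text {
    param(
        [Parameter(Mandatory=$true)] [string] $PlainText,
        [string] $Entropy = '',
        [System.Security.Cryptography.DataProtectionScope] $Scope = 'CurrentUser'
    )
    $plainBytes   = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    $entropyBytes = if ($Entropy) { [System.Text.Encoding]::UTF8.GetBytes($Entropy) } else { $null }
    try {
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($plainBytes, $entropyBytes, $Scope)
        [Convert]::ToBase64String($blob)
    } finally {
        # Overwrite the managed plaintext copy as soon as it is no longer needed.
        [Array]::Clear($plainBytes, 0, $plainBytes.Length)
    }
}

function Unprotect-Text {
    param(
        [Parameter(Mandatory=$true)] [string] $ProtectedBase64,
        [string] $Entropy = '',
        [System.Security.Cryptography.DataProtectionScope] $Scope = 'CurrentUser'
    )
    $blob         = [Convert]::FromBase64String($ProtectedBase64)
    $entropyBytes = if ($Entropy) { [System.Text.Encoding]::UTF8.GetBytes($Entropy) } else { $null }
    try {
        $plainBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $entropyBytes, $Scope)
        [System.Text.Encoding]::UTF8.GetString($plainBytes)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Wrong user, wrong scope, wrong entropy and a tampered blob all land here.
        $null
    }
}

# Round trip with entropy bound to the blob.
$blob      = Protect-Text -PlainText 'changeit' -Entropy 'app-specific-salt'
$roundTrip = Unprotect-Text -ProtectedBase64 $blob -Entropy 'app-specific-salt'   # 'changeit'

# Same blob, different entropy: DPAPI refuses and the helper returns $null.
$wrong     = Unprotect-Text -ProtectedBase64 $blob -Entropy 'other'               # $null
```

Two points the one-liner above does not show: the entropy is a second secret that a blob owner must also know, so it separates blobs produced by different applications under the same user account; and the LocalMachine scope should be chosen deliberately, because any process on that machine, not just the same user, can unprotect such a blob.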

Sunday, September 18, 2011

New commands in PowerShell V3 from Windows 8 Dev Preview

There are a TON of new commands in PowerShell 3. 624 to be exact and here they all are. Time to get busy exploring!

1. Add-AppxPackage   
2. Add-BCDataCacheExtension   
3. Add-BitLockerKeyProtector   
4. Add-BitLockerPassphraseProtector   
5. Add-BitLockerStartupKey   
6. Add-BitsFile   
7. Add-DnsClientNrptRule   
8. Add-DnsClientNrptRule   
9. Add-DtcClusterTMMapping   
10. Add-EnrollmentPolicyServer   
11. Add-ExternalKeyProtectorInternal   
12. Add-InitiatorIdToMaskingSet   
13. Add-JobTrigger   
14. Add-JobTrigger   
15. Add-KdsRootKey   
16. Add-NetIpHTTPsCertBinding   
17. Add-NetLbfoTeamMember   
18. Add-NetSwitchTeamMember   
19. Add-OdbcDsn   
20. Add-PartitionAccessPath   
21. Add-PasswordProtectorInternal   
22. Add-PhysicalDisk   
23. Add-Printer   
24. Add-PrinterDriver   
25. Add-PrinterPort   
26. Add-RecoveryPasswordProtectorInternal   
27. Add-SidProtectorInternal   
28. Add-TargetPortToMaskingSet   
29. Add-TpmAndPinAndStartupKeyProtectorInternal   
30. Add-TpmAndPinProtectorInternal   
31. Add-TpmAndStartupKeyProtectorInternal   
32. Add-TpmProtectorInternal   
33. Add-VirtualDiskToMaskingSet   
34. Apply-Unattend   
35. Backup-BitLockerKeyProtector   
36. Backup-Protector   
37. Block-SmbShareAccess   
38. Clear-BCCache   
39. Clear-BitLockerAutoUnlock   
40. Clear-Disk   
41. Clear-DNSClientCache   
42. Clear-DNSClientCache   
43. Clear-KdsCache   
44. Clear-Tpm   
45. Close-SmbOpenFile   
46. Close-SmbSession   
47. Complete-BitsTransfer   
48. Complete-DtcDiagnosticTransaction   
49. Confirm-SecureBootUEFI   
50. Connect-iSCSIDiscoveredTarget   
51. Connect-PSSession   
52. ConvertFrom-Json   
53. ConvertFrom-SecureBootPolicy   
54. ConvertTo-Json   
55. ConvertTo-TpmOwnerAuth   
56. Disable-BC   
57. Disable-BCDowngrading   
58. Disable-BCServeOnBattery   
59. Disable-Bitlocker   
60. Disable-BitLockerAutoUnlock   
61. Disable-DAManualSiteSelection   
62. Disable-JobTrigger   
63. Disable-JobTrigger   
64. Disable-MMAgent   
65. Disable-NetAdapter   
66. Disable-NetAdapterBinding   
67. Disable-NetAdapterChecksumOffload   
68. Disable-NetAdapterEncapsulatedPacketTaskOffload   
69. Disable-NetAdapterIPsecOffload   
70. Disable-NetAdapterLso   
71. Disable-NetAdapterPowerManagement   
72. Disable-NetAdapterQos   
73. Disable-NetAdapterRdma   
74. Disable-NetAdapterRsc   
75. Disable-NetAdapterRss   
76. Disable-NetAdapterSriov   
77. Disable-NetAdapterVmq   
78. Disable-NetDnsTransitionConfiguration   
79. Disable-NetIpHTTPsProfile   
80. Disable-NetNatTransitionConfiguration   
81. Disable-OdbcPerfCounter   
82. Disable-PSTrace   
83. Disable-PSWSManCombinedTrace   
84. Disable-ScheduledJob   
85. Disable-ScheduledJob   
86. Disable-TpmAutoProvisioning   
87. Disable-WdacBidTrace   
88. Disable-WSManTrace   
89. Disconnect-iSCSIDiscoveredTarget   
90. Disconnect-PSSession   
91. Enable-BCDistributed   
92. Enable-BCDowngrading   
93. Enable-BCHostedClient   
94. Enable-BCHostedServer   
95. Enable-BCLocal   
96. Enable-BCServeOnBattery   
97. Enable-Bitlocker   
98. Enable-BitLockerAutoUnlock   
99. Enable-BitLockerInternal   
100. Enable-DAManualSiteSelection   
101. Enable-JobTrigger   
102. Enable-JobTrigger   
103. Enable-MMAgent   
104. Enable-NetAdapter   
105. Enable-NetAdapterBinding   
106. Enable-NetAdapterChecksumOffload   
107. Enable-NetAdapterEncapsulatedPacketTaskOffload   
108. Enable-NetAdapterIPsecOffload   
109. Enable-NetAdapterLso   
110. Enable-NetAdapterPowerManagement   
111. Enable-NetAdapterQos   
112. Enable-NetAdapterRdma   
113. Enable-NetAdapterRsc   
114. Enable-NetAdapterRss   
115. Enable-NetAdapterSriov   
116. Enable-NetAdapterVmq   
117. Enable-NetDnsTransitionConfiguration   
118. Enable-NetIpHTTPsProfile   
119. Enable-NetNatTransitionConfiguration   
120. Enable-OdbcPerfCounter   
121. Enable-PSTrace   
122. Enable-PSWSManCombinedTrace   
123. Enable-Sample   
124. Enable-Sample2   
125. Enable-Sample3   
126. Enable-ScheduledJob   
127. Enable-ScheduledJob   
128. Enable-TpmAutoProvisioning   
129. Enable-WdacBidTrace   
130. Enable-WSManTrace   
131. Export-BCCachePackage   
132. Export-BCSecretKey   
133. Export-Certificate   
134. Export-CimCommand   
135. Export-PfxCertificate   
136. Format-SecureBootUEFI   
137. Format-Volume   
138. Get-AppLockerFileInformation   
139. Get-AppLockerPolicy   
140. Get-AppxLastError   
141. Get-AppxPackage   
142. Get-AppxPackageManifest   
143. Get-AutoEnrollmentPolicy   
144. Get-BCClientSettings   
145. Get-BCContentServerSettings   
146. Get-BCDataCache   
147. Get-BCDataCacheExtension   
148. Get-BCHashCache   
149. Get-BCHostedCacheServerSettings   
150. Get-BCNetworkSettings   
151. Get-BCStatus   
152. Get-BitLockerVolume   
153. Get-BitLockerVolumeInternal   
154. Get-BitsTransfer   
155. Get-Certificate   
156. Get-CertificateNotificationTask   
157. Get-CimAssociatedInstance   
158. Get-CimClass   
159. Get-CimInstance   
160. Get-CimSession   
161. Get-ClusteredScheduledTask   
162. Get-ClusteredScheduledTaskInfo   
163. Get-ControlPanelItem   
164. Get-DAClientExperienceSettings   
165. Get-DAConnectionStatus   
166. Get-DAPolicyChange   
167. Get-DASiteTableEntry   
168. Get-Disk   
169. Get-DNSClient   
170. Get-DNSClient   
171. Get-DNSClientCache   
172. Get-DNSClientCache   
173. Get-DnsClientEffectiveNrptPolicy   
174. Get-DnsClientEffectiveNrptPolicy   
175. Get-DnsClientNrptGlobal   
176. Get-DnsClientNrptGlobal   
177. Get-DnsClientNrptRule   
178. Get-DnsClientNrptRule   
179. Get-DNSGlobalSettings   
180. Get-DNSGlobalSettings   
181. Get-DNSServerAddress   
182. Get-DNSServerAddress   
183. Get-Dtc   
184. Get-DtcAdvancedHostSetting   
185. Get-DtcAdvancedSetting   
186. Get-DtcClusterDefault   
187. Get-DtcClusterTMMapping   
188. Get-DtcDefault   
189. Get-DtcLog   
190. Get-DtcNetworkSetting   
191. Get-DtcTransaction   
192. Get-DtcTransactionsStatistics   
193. Get-DtcTransactionsTraceSession   
194. Get-DtcTransactionsTraceSetting   
195. Get-EncryptableVolume   
196. Get-EncryptableVolumes   
197. Get-EnrollmentPolicyServer   
198. Get-ExceptionForHrInternal   
199. Get-InitiatorId   
200. Get-InitiatorPort   
201. Get-iSCSIConnection   
202. Get-iSCSIDiscoveredTarget   
203. Get-iSCSIPersistentTarget   
204. Get-iSCSISession   
205. Get-iSCSITargetPortal   
206. Get-JobTrigger   
207. Get-JobTrigger   
208. Get-KdsConfiguration   
209. Get-KdsRootKey   
210. Get-LogProperties   
211. Get-MaskingSet   
212. Get-NCSIPolicyConfiguration   
213. Get-Net6to4Configuration   
214. Get-Net6to4State   
215. Get-NetAdapter   
216. Get-NetAdapterAdvancedProperty   
217. Get-NetAdapterBinding   
218. Get-NetAdapterChecksumOffload   
219. Get-NetAdapterEncapsulatedPacketTaskOffload   
220. Get-NetAdapterHardwareInfo   
221. Get-NetAdapterIPsecOffload   
222. Get-NetAdapterLso   
223. Get-NetAdapterPowerManagement   
224. Get-NetAdapterQos   
225. Get-NetAdapterRdma   
226. Get-NetAdapterRsc   
227. Get-NetAdapterRss   
228. Get-NetAdapterSriov   
229. Get-NetAdapterSriovVf   
230. Get-NetAdapterStatistics   
231. Get-NetAdapterVmq   
232. Get-NetAdapterVMQQueue   
233. Get-NetAdapterVPort   
234. Get-NetDnsTransitionConfiguration   
235. Get-NetDnsTransitionMonitoring   
236. Get-NetIPAddress   
237. Get-NetIpHTTPsConfiguration   
238. Get-NetIpHTTPsState   
239. Get-NetIPInterface   
240. Get-NetIPv4Protocol   
241. Get-NetIPv6Protocol   
242. Get-NetISATAPConfiguration   
243. Get-NetISATAPState   
244. Get-NetLbfoTeam   
245. Get-NetLbfoTeamMember   
246. Get-NetLbfoTeamNic   
247. Get-NetNatTransitionConfiguration   
248. Get-NetNatTransitionMonitoring   
249. Get-NetNeighbor   
250. Get-NetOffloadGlobalSetting   
251. Get-NetPrefixPolicy   
252. Get-NetQosPolicy   
253. Get-NetRoute   
254. Get-NetSwitchTeam   
255. Get-NetSwitchTeamMember   
256. Get-NetTCPConnection   
257. Get-NetTCPSetting   
258. Get-NetTeredoConfiguration   
259. Get-NetTeredoState   
260. Get-NetTransportFilter   
261. Get-NetUDPConnection   
262. Get-NetUDPSetting   
263. Get-OdbcDriver   
264. Get-OdbcDsn   
265. Get-OdbcPerfCounter   
266. Get-Partition   
267. Get-PartitionAccessPath   
268. Get-PartitionSupportedSizes   
269. Get-PfxData   
270. Get-PhysicalDisk   
271. Get-PrintConfig   
272. Get-Printer   
273. Get-PrinterDriver   
274. Get-PrinterPort   
275. Get-PrintJob   
276. Get-Protectors   
277. Get-RecoveryKeyProtectorsCountInternal   
278. Get-ScheduledJob   
279. Get-ScheduledJob   
280. Get-ScheduledJobOption   
281. Get-ScheduledJobOption   
282. Get-ScheduledTask   
283. Get-ScheduledTaskInfo   
284. Get-SecureBootUEFI   
285. Get-SmbClientConfiguration   
286. Get-SmbClientNetworkInterface   
287. Get-SmbConnection   
288. Get-SmbConnectionNetworkInterface   
289. Get-SmbOpenFile   
290. Get-SmbServerConfiguration   
291. Get-SmbServerNetworkInterface   
292. Get-SmbSession   
293. Get-SmbShare   
294. Get-SmbShareAccess   
295. Get-SmbWitnessCluster   
296. Get-SmbWitnessClusterClient   
297. Get-SmbWitnessClusterResource   
298. Get-StorageAttributes   
299. Get-StoragePool   
300. Get-StorageProvider   
301. Get-StorageSettings   
302. Get-StorageSubSystem   
303. Get-TargetPort   
304. Get-Tpm   
305. Get-Tpm   
306. Get-TroubleshootingPack   
307. Get-TypeData   
308. Get-VirtualDisk   
309. Get-VirtualDiskSupportedSizes   
310. Get-Volume   
311. Get-WdacBidTrace   
312. Get-Win32EncryptableVolumeInternal   
313. Grant-SmbShareAccess   
314. Hide-VirtualDisk   
315. Import-BCCachePackage   
316. Import-BCSecretKey   
317. Import-Certificate   
318. Import-PfxCertificate   
319. Import-PSWorkflow   
320. Import-TpmOwnerAuth   
321. Initialize-Disk   
322. Initialize-Tpm   
323. Install-Dtc   
324. Install-SecureBootPolicy   
325. Invoke-CimMethod   
326. Invoke-RestMethod   
327. Invoke-TroubleshootingPack   
328. Invoke-WebRequest   
329. Join-DtcDiagnosticResourceManager   
330. Lock-BitLocker   
331. Move-SmbWitnessClusterClient   
332. New-AppLockerPolicy   
333. New-CertificateNotificationTask   
334. New-CimInstance   
335. New-CimSession   
336. New-CimSessionOption   
337. New-DASiteTableEntry   
338. New-DtcDiagnosticTransaction   
339. New-iSCSITargetPortal   
340. New-JobTrigger   
341. New-JobTrigger   
342. New-MaskingSet   
343. New-NetAdapterAdvancedProperty   
344. New-NetAuthenticationProposal   
345. New-NetIPAddress   
346. New-NetIpHTTPsConfiguration   
347. New-NetLbfoTeam   
348. New-NetLbfoTeamNic   
349. New-NetMainModeCryptoProposal   
350. New-NetNatTransitionConfiguration   
351. New-NetNeighbor   
352. New-NetPrefixPolicy   
353. New-NetQosPolicy   
354. New-NetQuickModeCryptoProposal   
355. New-NetRoute   
356. New-NetSwitchTeam   
357. New-NetTransportFilter   
358. New-Partition   
359. New-PSSessionConfigurationFile   
360. New-PSTransportOption   
361. New-PSWorkflowExecutionOption   
362. New-ScheduledJobOption   
363. New-ScheduledJobOption   
364. New-ScheduledTask   
365. New-ScheduledTaskAction   
366. New-ScheduledTaskPrincipal   
367. New-ScheduledTaskSettings   
368. New-ScheduledTaskTrigger   
369. New-SelfSignedCertificate   
370. New-SmbConnection   
371. New-SmbShare   
372. New-StoragePool   
373. New-StorageSubSystemVirtualDisk   
374. New-VirtualDisk   
375. New-VirtualDiskClone   
376. New-VirtualDiskSnapshot   
377. New-WinEvent   
378. Optimize-Volume   
379. Publish-BCFileHashes   
380. Publish-BCWebHashes   
381. Receive-DtcDiagnosticTransaction   
382. Receive-PSSession   
383. Register-CimIndicationEvent   
384. Register-ClusteredScheduledTask   
385. Register-iSCSIPersistentTarget   
386. Register-JobEvent   
387. Register-ScheduledJob   
388. Register-ScheduledJob   
389. Register-ScheduledTask   
390. Remove-AppxPackage   
391. Remove-BCDataCacheExtension   
392. Remove-BitlockerKeyProtector   
393. Remove-BitsTransfer   
394. Remove-CertificateNotificationTask   
395. Remove-CimInstance   
396. Remove-CimSession   
397. Remove-DASiteTableEntry   
398. Remove-DnsClientNrptRule   
399. Remove-DnsClientNrptRule   
400. Remove-DtcClusterTMMapping   
401. Remove-EnrollmentPolicyServer   
402. Remove-InitiatorId   
403. Remove-InitiatorIdFromMaskingSet   
404. Remove-iSCSITargetPortal   
405. Remove-JobTrigger   
406. Remove-JobTrigger   
407. Remove-KeyProtectorByTypeInternal   
408. Remove-MaskingSet   
409. Remove-NetAdapterAdvancedProperty   
410. Remove-NetIPAddress   
411. Remove-NetIpHTTPsCertBinding   
412. Remove-NetIpHTTPsConfiguration   
413. Remove-NetLbfoTeam   
414. Remove-NetLbfoTeamMember   
415. Remove-NetLbfoTeamNic   
416. Remove-NetNatTransitionConfiguration   
417. Remove-NetNeighbor   
418. Remove-NetPrefixPolicy   
419. Remove-NetQosPolicy   
420. Remove-NetRoute   
421. Remove-NetSwitchTeam   
422. Remove-NetSwitchTeamMember   
423. Remove-NetTransportFilter   
424. Remove-OdbcDsn   
425. Remove-Partition   
426. Remove-PartitionAccessPath   
427. Remove-PhysicalDisk   
428. Remove-Printer   
429. Remove-PrinterDriver   
430. Remove-PrinterPort   
431. Remove-PrintJob   
432. Remove-SmbConnection   
433. Remove-SmbShare   
434. Remove-StoragePool   
435. Remove-TargetPortFromMaskingSet   
436. Remove-TypeData   
437. Remove-VirtualDisk   
438. Remove-VirtualDiskFromMaskingSet   
439. Rename-Computer   
440. Rename-DASiteTableEntry   
441. Rename-MaskingSet   
442. Rename-NetAdapter   
443. Rename-NetIpHTTPsConfiguration   
444. Rename-NetLbfoTeam   
445. Rename-NetSwitchTeam   
446. Rename-Printer   
447. Repair-SecureBootPolicy   
448. Repair-VirtualDisk   
449. Repair-Volume   
450. Reset-BC   
451. Reset-DAClientExperienceSettings   
452. Reset-DASiteTableEntry   
453. Reset-DtcLog   
454. Reset-NCSIPolicyConfiguration   
455. Reset-Net6to4Configuration   
456. Reset-NetAdapterAdvancedProperty   
457. Reset-NetDnsTransitionConfiguration   
458. Reset-NetIpHTTPsConfiguration   
459. Reset-NetISATAPConfiguration   
460. Reset-NetNatTransitionConfiguration   
461. Reset-NetRoute   
462. Reset-NetTeredoConfiguration   
463. Resize-Partition   
464. Resize-VirtualDisk   
465. Resolve-DnsName   
466. Resolve-DnsName   
467. Restart-NetAdapter   
468. Restart-PrintJob   
469. Resume-BitLocker   
470. Resume-BitsTransfer   
471. Resume-Job   
472. Resume-PrintJob   
473. Revoke-SmbShareAccess   
474. Save-Help   
475. Send-DtcDiagnosticTransaction   
476. Set-AppLockerPolicy   
477. Set-AutoEnrollmentPolicy   
478. Set-BCAuthentication   
479. Set-BCCache   
480. Set-BCMinSMBLatency   
481. Set-BCSecretKey   
482. Set-BitLockerVolumeInternal   
483. Set-BitsTransfer   
484. Set-CimInstance   
485. Set-ClusteredScheduledTask   
486. Set-DAClientExperienceSettings   
487. Set-DASiteTableEntry   
488. Set-Disk   
489. Set-DNSClient   
490. Set-DNSClient   
491. Set-DnsClientNrptGlobal   
492. Set-DnsClientNrptGlobal   
493. Set-DnsClientNrptRule   
494. Set-DnsClientNrptRule   
495. Set-DNSGlobalSettings   
496. Set-DNSGlobalSettings   
497. Set-DtcAdvancedHostSetting   
498. Set-DtcAdvancedSetting   
499. Set-DtcClusterDefault   
500. Set-DtcClusterTMMapping   
501. Set-DtcDefault   
502. Set-DtcLog   
503. Set-DtcNetworkSetting   
504. Set-DtcTransaction   
505. Set-DtcTransactionsTraceSession   
506. Set-DtcTransactionsTraceSetting   
507. Set-InitiatorPort   
508. Set-iSCSIInitiator   
509. Set-JobTrigger   
510. Set-JobTrigger   
511. Set-KdsConfiguration   
512. Set-LogProperties   
513. Set-MMAgent   
514. Set-NCSIPolicyConfiguration   
515. Set-Net6to4Configuration   
516. Set-NetAdapter   
517. Set-NetAdapterAdvancedProperty   
518. Set-NetAdapterBinding   
519. Set-NetAdapterChecksumOffload   
520. Set-NetAdapterEncapsulatedPacketTaskOffload   
521. Set-NetAdapterIPsecOffload   
522. Set-NetAdapterLso   
523. Set-NetAdapterPowerManagement   
524. Set-NetAdapterQos   
525. Set-NetAdapterRdma   
526. Set-NetAdapterRsc   
527. Set-NetAdapterRss   
528. Set-NetAdapterSriov   
529. Set-NetAdapterVmq   
530. Set-NetDnsTransitionConfiguration   
531. Set-NetIPAddress   
532. Set-NetIpHTTPsConfiguration   
533. Set-NetIPInterface   
534. Set-NetIPv4Protocol   
535. Set-NetIPv6Protocol   
536. Set-NetISATAPConfiguration   
537. Set-NetLbfoTeam   
538. Set-NetLbfoTeamMember   
539. Set-NetLbfoTeamNic   
540. Set-NetNatTransitionConfiguration   
541. Set-NetNeighbor   
542. Set-NetOffloadGlobalSetting   
543. Set-NetPrefixPolicy   
544. Set-NetQosPolicy   
545. Set-NetRoute   
546. Set-NetTCPSetting   
547. Set-NetTeredoConfiguration   
548. Set-NetUDPSetting   
549. Set-OdbcDriver   
550. Set-OdbcDsn   
551. Set-Partition   
552. Set-PhysicalDisk   
553. Set-PrintConfig   
554. Set-Printer   
555. Set-ScheduledJob   
556. Set-ScheduledJob   
557. Set-ScheduledJobOption   
558. Set-ScheduledJobOption   
559. Set-ScheduledTask   
560. Set-SecureBootUEFI   
561. Set-SmbClientConfiguration   
562. Set-SmbServerConfiguration   
563. Set-SmbShare   
564. Set-StorageAttributes   
565. Set-StoragePool   
566. Set-StorageSettings   
567. Set-StorageSubSystem   
568. Set-TpmOwnerAuth   
569. Set-VirtualDisk   
570. Set-Volume   
571. Show-BitLockerRequiredActionsInternal   
572. Show-BitLockerStatus   
573. Show-Command   
574. Show-ControlPanelItem   
575. Show-VirtualDisk   
576. Start-BitsTransfer   
577. Start-Dtc   
578. Start-DtcDiagnosticResourceManager   
579. Start-DtcTransactionsTraceSession   
580. Start-ScheduledTask   
581. Start-Trace   
582. Stop-Dtc   
583. Stop-DtcDiagnosticResourceManager   
584. Stop-DtcTransactionsTraceSession   
585. Stop-ScheduledTask   
586. Stop-Trace   
587. Suspend-BitLocker   
588. Suspend-BitsTransfer   
589. Suspend-Job   
590. Suspend-PrintJob   
591. Switch-Certificate   
592. Test-AppLockerPolicy   
593. Test-BitLocker   
594. Test-BitLocker2   
595. Test-Certificate   
596. Test-Dtc   
597. Test-KdsRootKey   
598. Test-PhysicalDisk   
599. Test-PSSessionConfigurationFile   
600. Test-SecureBootPolicy   
601. Test-SystemEntropyForBitLockerInternal   
602. Test-TpmForBitLockerInternal   
603. Test-TpmProtectorNeededInternal   
604. Unblock-File   
605. Unblock-SmbShareAccess   
606. Unblock-Tpm   
607. Undo-DtcDiagnosticTransaction   
608. Uninstall-Dtc   
609. Unlock-AdAccountOrGroupInternal   
610. Unlock-BitLocker   
611. Unlock-PasswordInternal   
612. Unlock-RecoveryKeyInternal   
613. Unlock-RecoveryPasswordInternal   
614. Unregister-ClusteredScheduledTask   
615. Unregister-iSCSIPersistentTarget   
616. Unregister-ScheduledJob   
617. Unregister-ScheduledJob   
618. Unregister-ScheduledTask   
619. Update-Help   
620. Update-HostStorageCache   
621. Update-iSCSIDiscoveredTarget   
622. Update-iSCSITargetPortal   
623. Update-StorageProviderCache   
624. Write-DtcTransactionsTraceSession   

Thursday, September 1, 2011

Creating certificates with SANs using OpenSSL

IIS 7 provides some easy-to-use wizards to create SSL certificates, but not very powerful ones. What I needed to do was create SSL certificates that included an X.509 v3 extension, namely subject alternative names, a.k.a. SANs. SANs allow the website certificate to validate incoming requests for more than one URL domain name. This is really important when the web server is running web services such as WCF services and other web services connect to them over SSL, as in service-oriented architectures. Unless special code is added to the web services to override the default SSL validation handler routines, the common name (CN) of the certificate MUST match the domain of the incoming request URL. So if the request was made using an FQDN, the certificate must have the FQDN as its CN or as a SAN; an IP address or just a hostname will cause an SSL validation error and the connection will fail.

SANs to the rescue… SANs support, among other things, DNS names and IP addresses. So by creating the certificate with SANs for the server's FQDN and IP address, we increase the ways other web services can connect.

There are a number of tools that can generate certificates: makecert.exe, keytool.exe (Java), selfssl.exe and openssl.exe. In addition, starting with Windows Vista and Server 2008, Microsoft added the CertEnroll API, which can also create certificates programmatically through COM interfaces.

OpenSSL ended up doing exactly what I needed it to do. The process was fairly straightforward.

1) Construct an OpenSSL config file.

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = Somewhere
O = MyOrg
OU = MyOU
CN = MyServerName
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = MyServerName
DNS.2 = 10.0.1.34
IP.1 = 10.0.1.34
IP.2 = 192.167.20.1

2) Create x509 request with OpenSSL

openssl.exe req -x509 -nodes -days 730 -newkey rsa:2048 -keyout C:\cert.pem -out C:\cert.pem -config C:\PathToConfigFileAbove.txt

3) Create a PFX containing the keypair

openssl.exe pkcs12 -export -out C:\cert.pfx -in C:\cert.pem -name "My Cert" -passout pass:mypassword

4) Import the PFX into IIS using the import link in the server certificates area.

5) Bind the certificate to the IIS websites.

And voilà, we now have an SSL certificate for IIS with SANs, so we can connect using multiple domain names without certificate validation errors.
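The host-name check described at the top of this post (CN versus SAN, name versus IP literal), as an added example that is not part of the original post: it parses the [alt_names] section of the config file above and reports which request hosts a client would accept the resulting certificate for. The parser, the `strict` flag and the sample values are my assumptions, not OpenSSL or IIS code.

```python
import configparser
import ipaddress

# Constructed copy of the [alt_names] section of the config file above.
ALT_NAMES_CONFIG = """[alt_names]
DNS.1 = MyServerName
DNS.2 = 10.0.1.34
IP.1 = 10.0.1.34
IP.2 = 192.167.20.1
"""

def parse_alt_names(text):
    """Turn an OpenSSL [alt_names] section into (dns_names, ip_addresses)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    dns, ips = [], []
    for key, value in cp["alt_names"].items():  # configparser lowercases keys
        kind = key.split(".")[0]
        if kind == "dns":
            dns.append(value.strip())
        elif kind == "ip":
            ips.append(ipaddress.ip_address(value.strip()))
    return dns, ips

def _dns_match(pattern, host):
    """Case-insensitive comparison; a wildcard counts only as the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def host_matches_cert(request_host, cn, dns_names, ip_addresses, strict=True):
    """Would a TLS client accept this certificate for request_host?
    IP literals match only IP SANs; names match DNS SANs, with the CN used
    only when the certificate carries no DNS SANs at all."""
    try:
        ip = ipaddress.ip_address(request_host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip in ip_addresses:
            return True
        # Assumption: strict=False models clients that also compare an IP
        # literal against dNSName entries, which is what DNS.2 above serves.
        return (not strict) and request_host in dns_names
    if dns_names:
        return any(_dns_match(p, request_host) for p in dns_names)
    return _dns_match(cn, request_host)
```

With an empty SAN list the same function shows the failure the post starts from: a request by IP never matches a CN-only certificate.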

Sunday, August 21, 2011

PowerShell: Test-UserCredential

Sometimes you may find it necessary to validate a user’s credentials before using them. I’ve created a simple PowerShell function to do just that and posted it to PoshCode. The script makes use of the PrincipalContext class in the System.DirectoryServices.AccountManagement namespace. Specifically, the ValidateCredentials method is used to determine whether or not the provided credentials are valid against either the machine's domain or the local SAM database, depending on whether the -Domain flag is specified.

Check out the script:

function Test-UserCredential {
[CmdletBinding(DefaultParameterSetName = "set1")]
[OutputType([System.Boolean])]
param(
[Parameter(Mandatory=$true, ParameterSetName="set1", position=0)]
[ValidateNotNullOrEmpty()]
[String] $Username,

[Parameter(Mandatory=$true, ParameterSetName="set1", position=1)]
[ValidateNotNullOrEmpty()]
[System.Security.SecureString] $Password,

[Parameter(Mandatory=$true, ParameterSetName="PSCredential", ValueFromPipeline=$true, position=0)]
[ValidateNotNullOrEmpty()]
[Management.Automation.PSCredential] $Credential,

[Parameter(position=2)]
[Switch] $Domain,

[Parameter(position=3)]
[Switch] $UseKerberos
)

Begin {
try {
$assemType = 'System.DirectoryServices.AccountManagement'
$assem = [reflection.assembly]::LoadWithPartialName($assemType)
# LoadWithPartialName returns $null instead of throwing when the assembly is missing.
if (-not $assem) { throw 'assembly not found' }
}
catch { throw 'Failed to load assembly "System.DirectoryServices.AccountManagement". The error was: "{0}".' -f $_ }

$system = Get-WmiObject -Class Win32_ComputerSystem

# DomainRole 0 = standalone workstation, 2 = standalone server.
if ((0, 2) -contains $system.DomainRole -and $Domain) {
throw 'This computer is not a member of a domain.'
}
}

Process {
try {
switch ($PSCmdlet.ParameterSetName) {
'PSCredential' {
if ($Domain) {
$Username = $Credential.UserName.TrimStart('\')
} else {
$Username = $Credential.GetNetworkCredential().UserName
}
$PasswordText = $Credential.GetNetworkCredential().Password
}
'set1' {
# Decrypt the secure string, then zero and free the unmanaged BSTR copy.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
try { $PasswordText = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}
}

if ($Domain) {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Domain', $system.Domain
} else {
$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $env:COMPUTERNAME
}

if ($Domain -and $UseKerberos) {
return $pc.ValidateCredentials($Username, $PasswordText)
} else {
return $pc.ValidateCredentials($Username, $PasswordText, [DirectoryServices.AccountManagement.ContextOptions]::Negotiate)
}
} catch {
throw 'Failed to test user credentials. The error was: "{0}".' -f $_
} finally {
Remove-Variable -Name Username -ErrorAction SilentlyContinue
Remove-Variable -Name Password -ErrorAction SilentlyContinue
Remove-Variable -Name PasswordText -ErrorAction SilentlyContinue
}
}

<#
.SYNOPSIS
Validates credentials for local or domain user.

.PARAMETER Username
The user's username.

.PARAMETER Password
The user's password.

.PARAMETER Credential
A PSCredential object created by Get-Credential. This can be pipelined to Test-UserCredential.

.PARAMETER Domain
If this flag is set the user credentials should be a domain user account.

.PARAMETER UseKerberos
By default NTLM is used. Specify this switch to attempt Kerberos authentication.

This is only used with the 'Domain' parameter.

You may need to specify domain\user.

.EXAMPLE
PS C:\> Test-UserCredential -Username andy -password (Read-Host -AsSecureString)

.EXAMPLE
PS C:\> Test-UserCredential -Username 'mydomain\andy' -password (Read-Host -AsSecureString) -domain -UseKerberos

.EXAMPLE
PS C:\> Test-UserCredential -Username 'andy' -password (Read-Host -AsSecureString) -domain

.EXAMPLE
PS C:\> Get-Credential | Test-UserCredential

.INPUTS
System.Management.Automation.PSCredential (via the pipeline).

.OUTPUTS
System.Boolean.

.LINK
http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principalcontext.aspx

.NOTES
Revision History
2011-08-21: Andy Arismendi - Created.
2011-08-22: Andy Arismendi - Add pipelining support for Get-Credential.
2011-08-22: Andy Arismendi - Add support for NTLM/kerberos switch.
#>
}

Test-UserCredential -user andy -password (Read-Host -AsSecureString)

Wednesday, March 16, 2011

Powershell: Adding background job support to script cmdlets

Recently I’ve been writing a lot of script cmdlets in modules. One such cmdlet wraps an executable that tends to take a very long time to complete, and I needed to run it more than ten times back to back. To speed things up I thought it would be great to add an -AsJob parameter to my script cmdlet. This way the cmdlet returns a PowerShell background job, so I can spin up multiple instances of my script cmdlet at the same time. Below is an example of my approach to implementing the -AsJob parameter on a simple script cmdlet.

Enjoy!

function Test-Job {
[CmdletBinding()]
param (
[parameter(mandatory=$true)] [String]
$Computer,

[parameter()] [Int16]
$Retries = 4,

[parameter()] [Switch]
$AsJob
)

$ScriptBlock = {
[CmdletBinding()]
param (
[parameter(mandatory=$true)] [String]
$Computer,

[parameter()] [Int16]
$Retries = 4
)

$output = & ping.exe $Computer -n $Retries 2>&1

if ($LASTEXITCODE -ne 0) {
throw $output
} else {
$output
}
}

if ($AsJob) {
Start-Job -ScriptBlock $ScriptBlock -ArgumentList `
$Computer, $Retries
} else {
Invoke-Command -ScriptBlock $ScriptBlock -ArgumentList `
$Computer, $Retries
}
}

# Fails.
$job = Test-Job -Computer 127.0.0.0 -Retries 6 -AsJob
Wait-Job -Job $job
Receive-Job $job

# Succeeds.
$job2 = Test-Job -Computer 127.0.0.1 -Retries 6 -AsJob
Wait-Job -Job $job2
Receive-Job $job2

# Fails.
Test-Job -Computer 127.0.0.0 -Retries 6

# Succeeds.
Test-Job -Computer 127.0.0.1 -Retries 6

Saturday, February 26, 2011

The case of the flash crash

One of my favorite things to do is to watch Leo Laporte’s TWiT network. On the website they offer a live feed which is great to tune into. The feed however requires Adobe Flash to view. When I tried to check out the show on my work laptop, it would immediately BSOD my HP 8510p laptop running Windows XP SP3 x86. Unfortunately this would happen EVERY time I tried to view the show. Being a fan of Mark Russinovich’s ‘the case of’ blog series, I thought I'd share how I identified the cause of the BSOD and ultimately how I fixed it.


To analyze the crash I had to install WinDbg, which ships with the Windows SDK. I downloaded the Windows 7 SDK and installed WinDbg. Before I installed WinDbg I needed to set my system crash dump settings to create a full dump. In the System Properties applet select the Advanced tab > Startup and Recovery Settings > Kernel memory dump.

After configuring my crash dump I forced a crash by trying to view TWiT again, BOOM > BSOD.


Now I was ready to reboot and open the MEMORY.DMP file in WinDbg. The one thing you’ll need to do in WinDbg is set up the symbol server path:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols


Opening the crash dump showed me:

Probably caused by : ativvaxx.dll ( ativvaxx!vMMDLLInitFuncs+51a9 )

Ah ha! An ATI driver:
0: kd> lmvm ativvaxx
start    end        module name
bf400000 bf573100   ativvaxx   (export symbols)       ativvaxx.dll
    Loaded symbol image file: ativvaxx.dll
    Image path: \SystemRoot\System32\ativvaxx.dll
    Image name: ativvaxx.dll
    Timestamp:        Tue Jan 29 21:49:52 2008 (479FE5D0)
    CheckSum:         0017A815
    ImageSize:        00173100
    File version:     6.14.10.161
    Product version:  6.14.10.161
    File flags:       0 (Mask 0)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04e4
    CompanyName:      ATI Technologies Inc.
    ProductName:      ATI Technologies Inc. Radeon Video Acceleration Universal Driver
    InternalName:     ativvaxx.dll
    OriginalFilename: ativvaxx.dll
    ProductVersion:   6.14.10.0161
    FileVersion:      6.14.10.0161
    PrivateBuild:     Built by swtools on CNABAE04 on 01/29/08 at 21:49
    SpecialBuild:     DevStudio Build
    FileDescription:  Radeon Video Acceleration Universal Driver
    LegalCopyright:   Copyright (C) 1998-2005 ATI Technologies Inc.
    LegalTrademarks:  Radeon (TM) is a Trademark of ATI Technologies Inc.


After I identified the cause I decided to update my video card drivers. So I went over to HP’s website and downloaded the latest ATI video card drivers and installed them.


After rebooting, the version of ativvaxx.dll changed from 6.14.10.161 to 6.14.10.0233 and voilà, opening the Flash TWiT live feed player did not crash my computer anymore! Now back to watching TWiT :-)