Wednesday, 18 Aug 2010

If you have an off-line machine that you want to check for Windows Updates I have devised a script that will do just that.

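Simply run this script on a machine that has Internet connectivity. Then comment out the SaveBinaryFile call, copy the script and the Wsusscn2.cab file it has downloaded to the off-line computer, and run it there. The download goes over plain HTTP, so before trusting the copy check that Wsusscn2.cab carries a valid Microsoft digital signature (file Properties, Digital Signatures tab).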

Option Explicit

'-- Get Working Directory --'
Dim WShell, CurrentDirectory
Set WShell = CreateObject("WScript.Shell")
'Just use the script's folder: CurrentDirectory = Replace(WScript.ScriptFullName,WScript.ScriptName,"")
CurrentDirectory = WShell.CurrentDirectory & "\"
WScript.Echo "Current Directory - " & CurrentDirectory
Set WShell = Nothing

'-- Inform the user. --'
WScript.Echo "Downloading list of updates..." & VbCrlf

'-- Download the latest list of updates--'
SaveBinaryFile "http://go.microsoft.com/fwlink/?LinkId=76054", "Wsusscn2.cab"

'-- Now we can check our system --'
Dim UpdateSession, UpdateServiceManager, UpdateService, UpdateSearcher
Set UpdateSession = CreateObject("Microsoft.Update.Session")
Set UpdateServiceManager = CreateObject("Microsoft.Update.ServiceManager")

'-- Offline catalog (Wsusscn2.cab). This is the offline catalog file. --'
On Error Resume Next
Set UpdateService = UpdateServiceManager.AddScanPackageService("Offline Sync Service", CurrentDirectory & "wsusscn2.cab")

If Err.Number = 5 Then
    WScript.Echo "Error: " & Err.Number & " - " & Err.Description & VbCrlf
    On Error GoTo 0
    WScript.Echo "Reason: The API is unable to use a network path for the catalog file. The path specified was " & CurrentDirectory & "wsusscn2.cab. Please move this to a local path and try again." & VbCrlf
    WScript.Quit
ElseIf Err.Number <> 0 Then

    '-- Store the current error --'
    Dim Number
    Dim Source
    Dim Description
    Dim HelpFile
    Dim HelpContext

    Number = Err.Number
    Source = Err.Source
    Description = Err.Description
    HelpFile = Err.HelpFile
    HelpContext = Err.HelpContext

    On Error Goto 0

    '-- Re-raise Error --'
    Err.Raise Number, Source, Description, HelpFile, HelpContext
End If

On Error GoTo 0

'-- Now create a searcher based on our Microsoft Update Session. --'
Set UpdateSearcher = UpdateSession.CreateUpdateSearcher()

'-- Inform the user. --'
WScript.Echo "Searching for updates..." & vbCRLF

'-- Point the searcher at the offline scan package service registered above (not the online Windows Update service) --'
UpdateSearcher.ServerSelection = 3 ' ssOthers
UpdateSearcher.ServiceID = UpdateService.ServiceID

Dim SearchResult
Set SearchResult = UpdateSearcher.Search("IsInstalled=0")

Dim Updates
Set Updates = SearchResult.Updates

If searchResult.Updates.Count = 0 Then
    WScript.Echo "There are no applicable updates."
    WScript.Quit
End If

WScript.Echo "List of applicable items on the machine when using wsusscn2.cab:" & vbCRLF

Dim Count
For Count = 0 To searchResult.Updates.Count-1
    Dim Update
    Set Update = searchResult.Updates.Item(Count)
    WScript.Echo Count + 1 & "> " & update.Title
    Set Update = Nothing
Next

Set Updates = Nothing
Set SearchResult = Nothing

Set UpdateSearcher = Nothing
Set UpdateSession = Nothing

WScript.Quit

Sub SaveBinaryFile(strFileURL, strHDLocation)
    Dim FSO
    Set FSO = CreateObject("Scripting.FileSystemObject")

    '-- Only download when the file is not already present --'
    If Not FSO.FileExists(strHDLocation) Then
        'FSO.DeleteFile strHDLocation
        Dim XMLHTTP
        Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
        XMLHTTP.open "GET", strFileURL, False
        XMLHTTP.send()

        If XMLHTTP.Status = 200 Then
            Dim ADOStream
            Set ADOStream = CreateObject("ADODB.Stream")
            ADOStream.Open
            ADOStream.Type = 1 'adTypeBinary

            ADOStream.Write XMLHTTP.ResponseBody
            ADOStream.Position = 0 'Set the stream position to the start

            '-- Save only when the download succeeded; the stream does not exist otherwise --'
            ADOStream.SaveToFile strHDLocation
            ADOStream.Close
            Set ADOStream = Nothing
        Else
            WScript.Echo "Download failed with HTTP status " & XMLHTTP.Status
        End If

        Set XMLHTTP = Nothing
    End If

    Set FSO = Nothing
End Sub

Saturday, 7 Aug 2010

Want to make a certificate for your Linux server? Or do you just have some sort of Windows mail server that wants a private and public key but because you are using the Microsoft Certificate Authority in Enterprise CA mode you struggle to make it work?

Unfortunately this is not that well documented for Microsoft Certificate Authority, as Microsoft assumes that all certificate requests will come from Microsoft Certificate Authority aware programs (which, in the case of the Enterprise CA mode, will preferably state what template the request belongs to).

Microsoft Certificate Authority set to the Active Directory integrated "Enterprise Certificate Authority" mode (and not "Standalone Certificate Authority" mode) means that every request must ask for a specific "Template". Attempting to submit a request that does not include a template via the console, and not via the Microsoft Certificate Authority website, will generate the rather annoying error:
The request contains no certificate template information 0x80094801 (-2146875391). Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the Certificate Template request attribute.

To generate a new request, on a Linux server type:
openssl req -new -newkey rsa:2048 -nodes -keyout PBX_PrivateKey.key -out PBX_SigningRequest.csr

This will generate a certificate signing request ready to be given to the CA. Because of -nodes the private key file is written unencrypted, so keep it readable only by the account that needs it. Copy the CSR (not the private key, that should be kept private) to your CA: open the CSR in a text editor and visit the Microsoft Certificate Authority website for your server (something like http://server/CertSrv). Click "Request a certificate" and select "Or, submit an advanced certificate request.", paste the CSR into the text box and, importantly, select "Web Server" under "Certificate Template:" (it does not really matter if this is for a mail server). Then click "Submit ->". Depending upon your CA's policy (it will either require Administrator intervention or just issue), you should be issued with a signed certificate ready for use on your server of choice.

Should you already have an existing certificate (say for your IIS web server) that you would like to export to a Linux server (say Apache), you may find that exporting it places it in the combined PFX (Personal Information Exchange / PKCS#12) format, which Tomcat is content with but Apache is not.

To convert it to a more useful Linux Apache PEM file:

Type "openssl pkcs12 -in filename.pfx -nocerts -nodes -out PBX_PrivateKey.pem" (you will be prompted for the password) to export the private key (no certificates at all will be output).

Then type "openssl pkcs12 -in filename.pfx -clcerts -nokeys -out PBX_Certificate.pem" to export the certificate.

Success, you should now have your private key and certificate back!
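
The two export commands above, followed by a check that the exported private key and certificate really belong together, as an added example that is not part of the original post. The function names, the throwaway PFX with subject pbx.example.test and the demo password are constructed for illustration; -passin is used only so the demo runs unattended.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the demo subject
# and the demo password are constructed for illustration.
umask 077   # every file written below is readable by its owner only

# Export key and certificate from a PFX with the post's two commands.
# -passin keeps the demo unattended; interactively, let openssl prompt instead.
split_pfx() {   # $1 = PFX file, $2 = PFX password, $3 = output directory
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
        -out "$3/PBX_PrivateKey.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
        -out "$3/PBX_Certificate.pem" 2>/dev/null
}

# Succeed only when the private key and the certificate hold the same public
# key. A parse failure on either file counts as a mismatch.
key_matches_cert() {   # $1 = private key PEM, $2 = certificate PEM
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build a throwaway self-signed certificate and PFX to run the steps against.
make_demo_pfx() {   # $1 = working directory, $2 = PFX password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pbx.example.test" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -passout "pass:$2" -out "$1/filename.pfx" 2>/dev/null
}

# Demo: sh split_pfx.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_demo_pfx "$d" "demo-password" &&
        split_pfx "$d/filename.pfx" "demo-password" "$d" &&
        key_matches_cert "$d/PBX_PrivateKey.pem" "$d/PBX_Certificate.pem" &&
        echo "private key and certificate match"
    rm -rf "$d"
fi
```

Running key_matches_cert before restarting Apache catches the common mistake of pairing a renewed certificate with the key from an older request.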

References :
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7004039&sliceId=1&docTypeID=DT_TID_1_1
http://www.openssl.org/docs/apps/pkcs12.html