@pmoncho said in Powershell "-eq" operator and "False":

@Obsolesce said in Powershell "-eq" operator and "False":

In PowerShell, typically if it's in double quotes, it's a string. That's what you were were checking for, is if a given string equals the word "False".... instead of the boolean true/false, as $true/$false.

To find out what type of output you're dealing with, you can always use the built-in getType() method. You'll notice the Name property of String or Boolean.

Thanks, as this will be VERY helpful because it was a question burning in the back of my head.

Have a look at the difference between strings in double quotes and single quotes as well.

Best practice is to encapsulate strings in single quotes everywhere and use double quotes only when needed.

The difference is that double quoted strings are evaluated and not static. That's good when you want it but can cause unexpected behavior when you don't.

For example:

PS> $i=1

PS> echo '$i is a string' 
$i is a string

PS> echo "$i is a string"
1 is a string

@pmoncho said in Powershell "-eq" operator and "False":

Thanks for the excellent explanation. Now I just have to try an remember this.

Yes, there is always that.

Well, you can take comfort in the fact that all programming languages works about the same in this regard. So the knowledge is not wasted just on powershell.

If you get down to what the CPU is actually doing, all if-then-else statements boils down to a comparison with zero that decides what code to execute.

So the reason why false and true is really represented by zero and non-zero has a deeply technical reason.

@notverypunny said in OT / IoT asset management:

My main concern for the present effort is getting an accurate picture of what SCADA / OT etc devices we've got in the environment so that I know if action has to be taken or flagged to the appropriate controls group when vulnerabilities are flagged online.

Sounds like your needs are primarily security centric.

Give cyberx a look then. It's now called Microsoft Defender for IoT but it covers SCADA and other OT tech as well. https://azure.microsoft.com/en-us/services/iot-defender/#features

I do have a lot of experience with documentation of these kinds of system in a variety of industries, like manufacturing industry, pulp and paper, chemical plants etc.

In a lot of cases automatic discovery can be problematic and won't work.

If you have a lot of control systems, most of the manufacturers will have tools that can keep track of their own devices. Especially when it comes to DCS systems that you'll find in larger installations.

You will likely need some kind of hybrid approach.

@pmoncho

You can test how if-then statement works directly in powershell. Just type/copy it in straight on the command line,

For example:

• if ($false) { "True" } else { "False" }
• if ("False") { "True" } else { "False" }
• if ($true) { "True" } else { "False" }
• if ("True") { "True" } else { "False" }
• if ("") { "True" } else { "False" }
• if (0) { "True" } else { "False" }
• if (1) { "True" } else { "False" }

You can also do the same test by forcing powershell to convert whatever you want into a boolean. And telling you if something is true or false.

For example:

• [bool]$false
• [bool]"False"

This is called type casting. But that belongs to more advanced programming concepts.

@pmoncho said in Powershell "-eq" operator and "False":

Trying to figure out why this will not work? I'm stumped

if ($UserE.enabled -eq "False") {
   $a = read-host "Move to Disabled Accounts OU? (Y/N)"
   $answer
}

You're just confusing the logical boolean type (true or false) with string types (any text). So you're making an invalid comparison. Easy enough mistake since they look alike.

So it has nothing to do with the if statement or -eq.

Examples of logically false:

• number 0
• empty string '' or ""
• $null
• predefined variable $false

Examples of logically true:

• anything not 0
• any string that isn't empty
• predefined variable $true

As you can see a string that has the content "False" is a not an empty string. So it is logically the same as true.

What you should be doing is:

if ($UserE.enabled) {
   $a = read-host "Move to Disabled Accounts OU? Y/N)"
   $answer
}

All if-then statements test for logical true automatically. So experienced developers never make an if-then statement explicitly comparing to true or false.

You also need to consider what it is you want the documentation to actually be used for and by whom.

If you have different roles you might have network, security and sysadmin/tech (servers, devices etc). Their documentation needs are probably quite different.

For example:

• physical network layout
• switch configuration
• cabinets, racks drawings, locations and wiring
• optical fiber runs, type, length, usage/spares
• physical servers, location, warranty information
• device location, type, firmware level, IPs
• workload inventory
• application settings and configuration
• application data flow between devices, IPs and ports
• application support, contracts
• security zone config, firewall settings
• security compliance documentation

etc, etc...

@notverypunny said in OT / IoT asset management:

Anyone have any thoughts / recommendations / experience with regards to keeping tabs on an OT environment? The only thing that seems to be out there from a discovery and management perspective seems to be OT-BASE https://www.langner.com/

OT systems are in general documented in a static way and for good reasons.

The physical assets that OT controls, have a much longer lifespan than anything IT related. Think 20 years or more. So the documentation need to be around for the same amount of time and it's hard to use an asset management system when that system will likely be obsolete itself in a few years time.

In other technical areas such as electrical, mechanical, HVAC etc, they have standards for how things should be documented. Their documentation have a lifespan of many decades. Unfortunately IT and OT documentation by extension, are still in the dark ages.

My suggestion is to document manually in a markdown based wiki. That way your documentation can live on for a long time, can be transferred to different systems when needed and will be flexible enough to document whatever you might need.

Excel spreadsheets are not suitable because you really need to be able to do free text documentation for a lot of things. You will need the flexibility that a wiki has.

Besides keeping tabs of your equipment you also need data flow diagrams, what ports are in use, required firewall settings and whatnot. Markdown can't be used for drawing but the files can be linked, pdfs can be generated and everything stored in the wiki.

You should combine your manual documentation with automatic scanning to detect undocumented changes, security issues etc. You could potentially have the result of the scanning fed into wiki pages. That gives you the ability to view everything in the same wiki system.

CyberX (recently bought by Microsoft) have a system that can scan and detect security issues especially for OT/ICS/IoT systems. Probably do asset management as well. I've not heard good things about them in the past but it might be better now.

@d-cunnings said in User Profile migration Problem AAD -> AD:

I always advise customers to go easy on cloud and see where it goes.

I understand what you're saying but there is nothing to see really. It will only go one way. Microsoft want you to move everything to the cloud their cloud.

You might not want that but Microsoft will force you with their planned obsolescence scheme, vendor lock-in and if needed with unlawful business practices. That is their MO and it has worked well since the 80s.

Companies that are knee-deep in Microsoft solutions will never be able to wriggle themselves out of that situation. Not until it's too late and too costly and then they just have to abandon any resistance and go full cloud. Company attitude is how they ended up with MS in the first place.

So the reason you can't find an easy way to do move from AAD to AD is because Microsoft doesn't want you to. It's not astonishing negligence, it's the result of a well planned strategy.

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

@Pete-S said in Is Real Estate Actually a Good Investment on Average?:

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

But, if I know I am going to be South East UK for at least a decade, owning is the only sensible financial choice.

Right, until you get sick long-term or have a divorce and you can't afford to pay your mortgage and you can't sell your house because nobody is willing to pay what you need to pay off your loans.

Renting is the SaaS of living arrangements.

Zero capital expense, zero risk, 100% agility.

Pretty much, shit happens.

If you are worried about possible future long term sick, get ASU insurance.
If you are worried about future divorce, well that sucks. Its still better to have 50% of a house than 0%.

There are lots of real world examples of shit happening. It still doesn't change the fact that renting is paying somebody else mortgage, when you could have your own and 'hope' to gain from it.

Everything has risk.

Yeah, but a shitty investment such as a single family home isn't worth that risk. It's a lot more financially responsible to rent your home and invest your capital in something better. Something that is not coupled to your living arrangements. Something you can sell and buy when the opportunity is right, not when you want to move.

If you like real estate there are plenty of things to own. Apartment buildings, commercial real estate for example.

@Jimmy9008 said in Is Real Estate Actually a Good Investment on Average?:

But, if I know I am going to be South East UK for at least a decade, owning is the only sensible financial choice.

Right, until you get sick long-term or have a divorce and you can't afford to pay your mortgage and you can't sell your house because nobody is willing to pay what you need to pay off your loans.

Renting is the SaaS of living arrangements.

Zero capital expense, zero risk, 100% agility.

@Dashrender said in Zoho Mail has new secure sending option:

@Pete-S said in Zoho Mail has new secure sending option:

@Dashrender Good to know.

One purpose of the OTP is that you can't forward the email and have another person read it.

Not directly forward - sure, but you could screen shot it and forward that to someone.

I assume the OTP is more so that people don't have to create accounts in the Zoho system.

It looks like Zoho had the forwarding thing specifically in mind since they mentioned that on their website. A lot of people will forward messages without thinking about the sensitive information that is usually longer down in the mail. I've seen that a lot when I get emails forwarded to me with information that is clearly not intended for me.

In the MS system you have to create an account, same goes for Zix, even if you will only ever read this one message on that system.

Yeah, I hate that. It's just to get more users. I love OTP though.

I'll have to check how these secure feature works with sending huge mail attachments as well. Haven't tried it yet.

@Dashrender Good to know.

One purpose of the OTP is that you can't forward the email and have another person read it.

It's a good tool to have.

Zoho support S/MIME (end-to-end encryption) too and we have it. It works fine but the receiving part need to have it setup as well. So that's where it fails.

Zoho Mail now has a built-in option for sending secure emails that will requires an OTP to view. Also the option to have it expire after X days or a certain date.

They call it SecurePass.
https://www.zoho.com/mail/help/confidential-email.html

This is what the receiver sees in his inbox after getting a SecurePass email.

After you click on the link above.

And then the validation OTP (sent via email).

Now the receiver can view the email in the browser.

@DustinB3403 said in Windows SDK to build an MSI:

Hey all, long time since I've posted. To summarize the ask is anyone familiar enough with Windows SDK to build an MSI out of an EXE? Hoping for a crash course on this.

The software vendor provides only loose instructions to building an MSI, but it's all for SCCM and not SDK.

Thanks

Why not convert the exi (as it is) to msi file without building it as an msi?
There are wrappers and converters out there that will do it.

Or are you looking for special customization of the msi files?

@JaredBusch said in Question about fdisk:

I know you seem all hot and bothered to prove me wrong about something but give it up.

No, not at all. I was just trying to add some context to why partition alignment makes no practical difference in this and many other cases and that warnings can be disregarded.

I would consider it a bug that fdisk couldn't resize your partition the way it was setup.

@JaredBusch said in Question about fdisk:

@Pete-S said in Question about fdisk:

You're running a virtual disk under Hyper-V so physical sectors has no bearing at all.

Of course they matter, because the guest OS doesn't know or care that it is virtual.

Oh, so you thought partition alignment is about the OS? It's not. The OS doesn't care (and never has) about partition alignment - regardless if it runs in a VM or on bare metal.

Partition alignment is only about optimizing the performance of the storage subsystem.

@Mario-Jakovina said in Windows 10 and RHEL 9 Dual Boot help.:

@Pete-S Any Windows 10 licence will technically work in VM, from my experience.

Yeah, but we're talking about the embedded license key that sits in the BIOS of the computer (when it comes with Windows OEM).

In a VM the guest can't access the BIOS of the host so it shouldn't be able to retrieve the embedded Microsoft licensing key. Unless the hypervisor makes it available to the guest.

The embedded licensing key is used automatically by the Windows installer and it will install Windows without asking the user for a key.

Back in the day there would be sticker on the bottom of the computer with the licensing key. But now it's stored in the BIOS somewhere and the sticker only has a windows logo on it.

@JaredBusch said in Question about fdisk:

I have an old CentOS 7 system that I need to expand the disk for.

I resized the virtual disk in Hyper-V with no issue, but I'm confused/worried about using fdisk like normal to resize the partition because of this warning.

As you can see, the disk is aligned to sector 1. Can I safely use fdisk? I cannot recall ever dealing with this before.

You're running a virtual disk under Hyper-V so physical sectors has no bearing at all. And especially not when you have thin partioning (dynamic size) in the hypervisor.

It used to be a thing because DOS had MBR in the first sector (sector 0) so that why GPT partitioning reserves it. And you wanted to align partitions with physical disk sectors on spinning rust to avoid write penalties.

Anyway, even on bare metal with SSD it doesn't matter because SSDs support both 512 and 4096 sector size and have internally a different block size altogether. And on spinners you have much larger cache on the drives and raid cache as well so it more or less doesn't really matter anymore.

But if you just create a new partition today it will align it automatically to 1MB (2048x512 byte) so you don't have to think about it.

@scottalanmiller said in Windows 10 and RHEL 9 Dual Boot help.:

@Saba said in Windows 10 and RHEL 9 Dual Boot help.:

@DustinB3403 & @Pete-S Thank you so much. I have installed VMWare on Windows 10 and all seems well so far.

I prefer the other way, Linux on the metal, use KVM built in, and Windows on top. Faster, more stable, and then it's Linux that's "faster" and always there. But I use Linux as my main operator and Windows purely for testing things so.... makes more sense for me.

A lot of PCs come with OEM Windows license keys in the BIOS. I don't think you can use that license when you run the OS in a VM. At least not automatically.

So that favors Windows as the base OS.

@Mr-Jones said in Unable to send emails to Gmail from my domain:

Currently I can send now, but it always goes straight to Spam folder. Likely because we don't have DMARC set up yet.

Yes, you need all of it to increase your odds. And look at routing your exchange emails through another SMTP gateway as mentioned above.