Java exception sites with PowerShell

Many of you will have run into this problem if you support lots of users who need access to sites that use Java applets. A recent change in the JRE's security approach for the Java 8 environment means you can no longer set Java to the ‘Medium’ security preset, so any site that you want your users to use with Java has to be added to the so-called ‘Exception sites’ list.
You can of course do this manually, but I’ll show how to add Java exception sites with PowerShell.

PowerShell solution

If you’re still struggling with XP stations in your environment, you can also go the batch/cmd way:

Batch solution

Either way, make sure you allow exceptions only where they are needed, to minimize the risk of security flaws in Java applets being used against your users.
Also, if the target PC has more than one user (e.g. a general user and IT) but you don’t have domain startup scripts set up, consider iterating through all of the users in %systemdrive%\Documents and Settings (Windows XP) or %systemdrive%\Users (Windows 7 and later).
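The approach described above as an added example, not the author's original script: it writes HTTPS-only entries to each profile's exception.sites file under %systemdrive%\Users without duplicating existing lines. The function name, parameters and sample URL are hypothetical, and the file path is the standard per-user Java deployment location on Windows 7 and later, which the post itself does not state.

```powershell
# Added example: function name, parameters and the sample URL are hypothetical.
function Add-JavaExceptionSite {
    param(
        [Parameter(Mandatory)] [string[]] $Site,   # e.g. 'https://intranet.example.com/'
        [string] $ProfilesRoot = (Join-Path $env:SystemDrive 'Users')
    )
    # Assumption: standard per-user Exception Site List location (Windows 7 and later).
    $RelativePath = 'AppData\LocalLow\Sun\Java\Deployment\security\exception.sites'

    # Refuse malformed or plain-HTTP entries so the list stays as narrow as possible.
    foreach ($Entry in $Site) {
        $Uri = $null
        $Ok = [System.Uri]::TryCreate($Entry, [System.UriKind]::Absolute, [ref]$Uri)
        if (-not $Ok -or $Uri.Scheme -ne 'https') {
            throw "Refusing to add '$Entry': only absolute https:// URLs are accepted."
        }
    }

    Get-ChildItem -Path $ProfilesRoot -Directory | ForEach-Object {
        $File = Join-Path $_.FullName $RelativePath
        $SecurityDir = Split-Path $File -Parent
        $DeploymentDir = Split-Path $SecurityDir -Parent
        # Skip profiles that have never run Java (no Deployment folder yet).
        if (-not (Test-Path $DeploymentDir)) { return }
        if (-not (Test-Path $SecurityDir)) {
            New-Item -ItemType Directory -Path $SecurityDir | Out-Null
        }
        # Read the current list, drop blank lines, and add only what is missing.
        $Existing = @(if (Test-Path $File) { Get-Content $File | Where-Object { $_.Trim() } })
        $Missing = @($Site | Where-Object { $Existing -notcontains $_ })
        if ($Missing.Count -gt 0) {
            Set-Content -Path $File -Value ($Existing + $Missing)
            [pscustomobject]@{ Profile = $_.Name; Added = $Missing }
        }
    }
}

# Usage (run elevated so other users' profiles are writable):
# Add-JavaExceptionSite -Site 'https://intranet.example.com/'
```

The function returns one object per profile it changed, which gives you a record of where exceptions were granted.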

Create directories from path on FTP with PowerShell

Many of you have probably used FTP to store data, using different libraries in different languages. As PowerShell is based on the .NET Framework, I’ll show you how to check for and, if necessary, create the directories in the path on the FTP server we’re planning to send data to, using a simple PowerShell function.

Getting started

So we’re starting with a simple FTP path, let’s say:

To make our life a little easier, let’s split it into two parts: $ServerPath, the path to the root of the FTP server, and $DirectoryPath, the relative path to the directory on the FTP server itself. I will simplify that part, given that you’ll probably enter the FTP address yourself and hardcode it inside the script. If you want to make it more universal, you can edit the code a little so that it also parses the “ftp://” part.

Hardcoded way:

Easy, universal way using System.Uri:

Let’s also prepare the login data so we can connect to the FTP server with the credentials we want:

The idea

OK, we have everything we need to connect to the FTP server. However, if we attempt to upload a file to a directory that doesn’t exist on the server, we’ll get an error:

We need to figure out how to go down the directory tree to the target directory.
If you use the ‘easy, universal way’, you’ll already have an array of the relative path split into directories, via $FtpPath.Segments:

    System.URI Segments ToString()

If you go the hardcoded way, split the string with the standard String.Split() method, with “/” as the argument, like this:

The output we get will be the same as above, as both System.Uri.Segments and String.Split() return an array of strings.
Finally, let’s go through the whole directory tree, adding directories one by one to the path and finding out whether we need to create each directory ourselves or not. To keep track of our current position in the process, let’s use an additional variable called $Position. We’ll also watch out for errors by using a try-catch block:

The reason we let the function continue after catching Net.WebException is that if the directory already exists, $WebRequest will fail to make the directory.

Final wrap up

Function itself:

Usage of the function:


Please note that the script is written for a Uri with ‘/’ at the end. If you intend to use a Uri without ‘/’ at the end, you’ll need to make the loop run one more time, that is, with the ‘-1’ removed:

Also, if you’re going to use $FtpPath.Segments, delete ‘+ “/”’ from the string concatenation on the first line of the try block, as each segment already contains “/”, so there’s no need to add another one:

Don’t forget to properly add scopes to your code. I haven’t used them, to keep the code simple, but you should definitely take care of it!
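The steps above put together as an added example, not the author's original function: it walks the path with $Position, issues MakeDirectory for each level, and continues only when the server answers 550 (commonly "already exists"), rethrowing login, TLS and connectivity errors. The function name, the -UseSsl switch, the PSCredential parameter and the sample host are hypothetical choices made here.

```powershell
# Added example: function name, parameters and sample host are hypothetical.
function New-FtpDirectoryTree {
    param(
        [Parameter(Mandatory)] [System.Uri] $FtpPath,       # e.g. ftp://ftp.example.com/backups/2024/logs/
        [Parameter(Mandatory)] [pscredential] $Credential,  # from Get-Credential, not hardcoded
        [switch] $UseSsl                                    # explicit FTPS, if the server supports it
    )
    $ServerPath = $FtpPath.GetLeftPart([System.UriPartial]::Authority)   # ftp://host[:port]
    # Dropping empty entries makes the result the same with or without a trailing "/".
    $Directories = @($FtpPath.AbsolutePath -split '/' | Where-Object { $_ })

    $Position = $ServerPath
    $Created = @()
    foreach ($Directory in $Directories) {
        $Position = "$Position/$Directory"
        $WebRequest = [System.Net.WebRequest]::Create($Position)
        $WebRequest.Method = [System.Net.WebRequestMethods+Ftp]::MakeDirectory
        $WebRequest.Credentials = $Credential.GetNetworkCredential()
        $WebRequest.EnableSsl = [bool]$UseSsl
        try {
            $WebRequest.GetResponse().Close()
            $Created += $Position
        }
        catch {
            # PowerShell may wrap the .NET exception; walk down to the WebException.
            $WebEx = $_.Exception
            while ($WebEx -and $WebEx -isnot [System.Net.WebException]) {
                $WebEx = $WebEx.InnerException
            }
            $Response = if ($WebEx) { $WebEx.Response -as [System.Net.FtpWebResponse] }
            # 550 is the usual reply when the directory already exists (servers also
            # use it for "permission denied"). Anything else is a real failure.
            $Exists = [System.Net.FtpStatusCode]::ActionNotTakenFileUnavailable
            if (-not $Response -or $Response.StatusCode -ne $Exists) { throw }
            $Response.Close()
        }
    }
    return $Created   # URIs of the directories that were actually created
}

# Usage:
# $Cred = Get-Credential
# New-FtpDirectoryTree -FtpPath 'ftp://ftp.example.com/backups/2024/logs/' -Credential $Cred -UseSsl
```

Without -UseSsl the credentials cross the network in clear text, as with any plain FTP session.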

Thunderbird with Exchange Global Address List

Why even bother?

So you’ve got a fancy, sharp and smoothly working AD based on MS Windows Server along with MS Exchange, and plenty, plenty of users using the Global Address List?
But not all of them have MS Office, do they? That’s not a problem, as long as you’re willing to spend a little time configuring the open-source alternative from Mozilla, that is, Thunderbird.
Most admins would say: if we decided they don’t need MS Office, I don’t think they need the GAL.
I beg to differ. For a standard user who doesn’t use calendars a lot, Thunderbird with the Exchange Global Address List is much closer to MS Outlook in terms of usability inside AD structures.
Of course, it’s still not a one-click setup for a domain user to have it all like in Outlook. Still, Thunderbird is free, and the possibility of using the GAL is a big plus.

Configuring Thunderbird

Let’s move straight to the settings we’ll be using. Switch from Thunderbird’s main window to the Address Book.

    Address Book

Then we’ll need to create a new address book for this particular Thunderbird user.
Go to File -> New -> LDAP Directory…

    File New LDAP Directory

Finally, we’ve arrived at our target window: setting up the connection to the LDAP directory, that is, our Exchange Global Address List.

    LDAP Directory settings

OK, so here comes the trouble. Let’s review the few things we’ll need to make this work:

  • Name: We can name it any way we want. If you’re not using many address books, and I guess you aren’t, just name it Global Address List or something like that.
  • Hostname: It’s just the domain name that we’re going to grab the address list from; for me, it will be
  • Base DN: OK, so we’re in the domain already; let’s browse for the container. The first two entries will be our domain name, that is: "DC=localwire,DC=pl"
    Next, we need to find the Organizational Unit (OU) where we keep our users. Don’t know what OU and CU are?
    Microsoft’s TechNet articles are a great place to start finding out: Technet – Organizational Units
    OK. Let’s say we keep our mail users inside an OU called “Mailboxes”. Of course, they are categorized into other OUs inside our main one, but if we want them all, let’s go with the parent one. I’m going to set this up as "OU=Mailboxes", so my final Base DN field will look like this: "OU=Mailboxes,DC=localwire,DC=pl"
  • Port number: If you’re using the standard port for either an SSL or an unsecured connection, just leave it as it is. If it’s not the default, feel free to change it.
  • Bind DN: You’d ask what’s left, right? We need to log in to our domain to get the data we need. I’ll use my root user for that, that is:

Final settings should look like this:

    Final settings

One last thing: let’s set Thunderbird to automatically look up contacts in our brand new LDAP directory.
While still in the Address Book window, choose Tools -> Options from the menu bar.
Then check the box next to ‘Directory Server’ and choose the Global Address List we’ve just set up.

    Final settings options

Wait a second, I’m new to Windows Server – where do I find all the settings?

The fastest way to find this out is to open Active Directory Users and Computers (dsa.msc) and check for yourself.
Whether you’re a fresh junior admin or a newcomer playing around with AD on a virtual machine, you should have access to that tool.
Let me show you that all the info you need is there:

    Final settings options


The two most common issues I’ve encountered when connecting Thunderbird to the Global Address List:

  • Nothing happens at all after setup: You’ve probably set things up wrong, as Thunderbird can’t reach your AD controller at all.
  • A password prompt pops up but Thunderbird doesn’t look anything up: OK, Thunderbird is connecting to your AD, and if no credentials error appears, you have connected. What could be wrong is that you’ve entered the wrong OU, not the one where your users and contacts reside. If you’re administering a smaller OU that’s part of a larger domain or even a domain forest, consider asking the global admins whether anything non-standard has been implemented there.
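To separate the two failure modes above before touching Thunderbird, the same Hostname, Base DN and bind account can be checked from a domain workstation. This is an added example, not part of the original post; the function name, parameters and the sample hostname are hypothetical.

```powershell
# Added example: function name, parameters and sample values are hypothetical.
function Test-GalBaseDn {
    param(
        [Parameter(Mandatory)] [string] $HostName,         # value entered as Hostname
        [Parameter(Mandatory)] [string] $BaseDn,           # e.g. 'OU=Mailboxes,DC=localwire,DC=pl'
        [Parameter(Mandatory)] [pscredential] $Credential  # the account used as Bind DN
    )
    $Password = $Credential.GetNetworkCredential().Password
    $Path = "LDAP://$HostName/$BaseDn"
    $Root = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $Path, $Credential.UserName, $Password
    # Mail-enabled people anywhere below the Base DN: what an address lookup would see.
    $Filter = '(&(objectCategory=person)(mail=*))'
    $Searcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $Root, $Filter
    $Searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $Searcher.SizeLimit = 5                                 # a small sample is enough
    $Searcher.PropertiesToLoad.AddRange([string[]]@('displayName', 'mail'))
    $Results = $null
    try {
        $Results = $Searcher.FindAll()
        foreach ($Result in $Results) {
            [pscustomobject]@{
                DisplayName = $Result.Properties['displayname'] | Select-Object -First 1
                Mail        = $Result.Properties['mail'] | Select-Object -First 1
            }
        }
    }
    catch {
        # An unreachable host, rejected credentials or a non-existent Base DN end up here.
        throw "LDAP search under '$BaseDn' on '$HostName' failed: $($_.Exception.Message)"
    }
    finally {
        if ($Results) { $Results.Dispose() }
        $Searcher.Dispose()
        $Root.Dispose()
    }
}

# Usage:
# Test-GalBaseDn -HostName 'dc01.example.local' -BaseDn 'OU=Mailboxes,DC=localwire,DC=pl' -Credential (Get-Credential)
```

An exception points to the first issue (connectivity, credentials or a Base DN that does not exist), while an empty result with no error points to the second: the bind works but the chosen OU holds no mail-enabled entries.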