Friday, June 19, 2015

Windows scheduled task to auto logoff

Here's some PowerShell to remotely schedule a task to log out 2+ hours idle users:
function InstallAutoLogoff($computer)
{
    invoke-command -computer $computer `
    {
        schtasks.exe /delete /tn AutoLogOff /f 2>&1 | Out-Null

        set-content c:\windows\temp\AutoLogOffTask.xml `
        '<?xml version="1.0" encoding="UTF-16"?>
        <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
          <Triggers>
            <TimeTrigger>
              <Repetition>
                <Interval>PT30M</Interval>
              </Repetition>
              <StartBoundary>2015-01-01T00:00:00</StartBoundary>
            </TimeTrigger>
          </Triggers>
          <Actions Context="Author">
            <Exec>
              <Command>PowerShell.exe</Command>
              <Arguments>-Command $r1 = quser.exe; $idPos = $r1[0].IndexOf(''ID  ''); foreach($row in $r1) { $r2 = $row.Substring($idPos).Trim() -split ''  +''; if($r2[2].Contains('':'')) { $t = $r2[2].Replace('':'', ''.''); if($t.Contains(''+'') -or ($t -as [double] -ge 2)) { rwinsta.exe $r2[0] } } }</Arguments>
            </Exec>
          </Actions>
        </Task>'

        schtasks.exe /create /tn AutoLogOff /ru system /xml c:\windows\temp\AutoLogOffTask.xml
        del c:\windows\temp\AutoLogOffTask.xml
    }
}

InstallAutoLogoff 'myserver1'
InstallAutoLogoff 'myserver2'
InstallAutoLogoff 'myserver3'

Tuesday, March 24, 2015

VoCore OpenWRT as NAT access point

I recently bought a VoCore. It came pre-flashed with OpenWRT Chaos Calmer (as of 2015-03-16). OpenWRT was configured as a wireless access point, bridging with the ethernet port. Here is what I did to get it to a configuration where it acts as a NAT'ing wireless access point, similar to most consumer routers/access points:

SSH'ed to its default IP of 192.168.61.1.

Edited /etc/config/network:

...
#config interface 'lan'
config 'interface' 'wan'
      option macaddr 'b8:d8:12:60:00:01'
      option proto 'dhcp'

config interface 'lan'
  option force_link '1'
  option macaddr 'b8:d8:12:60:00:02'
  option proto 'static'
  option ipaddr '192.168.61.1'
  option netmask '255.255.255.0'
...

Edited /etc/config/wireless:

...
config wifi-iface
      option device   radio0
      option network  lan
      option mode     ap
      option ssid     gaffel8080
      option encryption psk2
      option key palle123
...

Edited /etc/config/dhcp:

...
#config odhcpd 'odhcpd'
# option maindhcp '0'
# option leasefile '/tmp/hosts/odhcpd'
# option leasetrigger '/usr/sbin/odhcpd-update'
...

To enable SSH from the ethernet port, I also edited /etc/config/firewall:

...
config rule
      option src wan
      option proto tcp
      option dst_port 22
      option target ACCEPT

This was all that was needed for the basic scenario of using VoCore as an accesspoint combined with a NAT'ing router.

I went a little further and installed some nice to have packages like openssh-sftp-server, nano, htop, ip, etc. However, in order to do this, I first had to fix /etc/opkg.conf:

...
#src/gz cheese_base http://downloads.openwrt.org/snapshots/trunk/ramips/packages/base
#src/gz cheese_luci http://downloads.openwrt.org/snapshots/trunk/ramips/packages/luci
src/gz chaos_calmer_base http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/base/
src/gz chaos_calmer_luci http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/luci/
src/gz chaos_calmer_management http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/management/
src/gz chaos_calmer_packages http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/packages/
src/gz chaos_calmer_routing http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/routing/
src/gz chaos_calmer_telephony http://downloads.openwrt.org/snapshots/trunk/ramips/generic/packages/telephony/

After that I could install the extra packages by running the following:

opkg update
opkg install openssh-sftp-server
opkg install nano
opkg install htop
opkg install ip

Also, I recommend disabling Luci, as it is buggy, and a security concern:

rm /www/cgi-bin/luci
echo "A private box" > /www/index.html