i am trying to run the powershell script to get disk report for servers from text file but getting error

$  DiskSizeReport = @() $  servers = get-content "D:\Testing\Serverlist.txt" foreach ($  server in $  servers) { write-host "Executing query against server: " $  server $  Disks = Get-WmiObject win32_logicaldisk -computername $  server -Filter "Drivetype=3" -ErrorAction SilentlyContinue | Select-Object @{Label = "Server Name";Expression = {$  _.SystemName}}, @{Label = "Drive Letter";Expression = {$  _.DeviceID}},@{Label = "Total Capacity (GB)";Expression = {"{0:N1}" -f( $  _.Size / 1GB)}}, @{Label = "Used Space (GB)";Expression = {(Round($  _.Size /1GB,2)) - (Round($  _.FreeSpace /1GB,2))}}, @{Label = "Free Space (GB)";Expression = {"{0:N1}" -f( $  _.Freespace / 1GB ) }},@{Label = "Free Space (%)"; Expression = {"{0:P0}" -f ($  _.freespace/$  _.size) }} $  DiskSizeReport += $  Disks }    # Output to CSV   write-host "Saving Query Results in CSV format..." $  results | export-csv  "D:\Testing\Diskreport.csv"   -NoTypeInformation 

The below error I am getting

Get-WmiObject : Cannot validate argument on parameter ‘ComputerName’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:6 char:56

SSRS reports resets the parameters to default after I click on “View Report”

We are using SSRS version 16(build 13.0.x) in Native mode.

I built a report using Report Builder with 2 parameters(independent). Everything works as it should when I run the report in Report Builder.

When I publish it to WebPortal – some random set of users have the following issue:

  1. Through WebPortal URL, they click on the report to open in browser, we have always used chrome.
  2. They populate the parameters and click on "View Report".
  3. The report starts "Loading" and immediately the parameters are reset to default(or blank) and the report area goes blank. They couldn’t even see the column header or the menu bar in the report area.

Apart from a handful of seemingly random users, everyone else have no issues.

We use SQL accounts for authentication and all users have permissions to fetch data from tables. I checked if this issue is only with certain kind of parameters, but there seems to no common denominator.

I’ve come up dry on PowerBI, Technet forums. I appreciate any help/troubleshooting steps. Thanks šŸ™‚

Page Scanner Addon – Report all footprint instances?

Assuming I am using the Page Scanner Addon correctly, it seems to return only one result for each url

Eg If I have three footprints to find:
New York
LondonĀ 
ParisĀ 

If a Page contains one of the search terms (not necessarily the first one) it will return a positive result for one search term andĀ move on to next URL and never check for the other two search terms.

It seems that If I want results that have “any AND all” of the three cities I haveĀ to run the the search 3 times with only one Footprint active at one time.
Is that correct or am I using the Addon incorrectly?

Thanks ColinK

Understanding CSP: report shows blocked that shouldn’t have been blocked

I’m having trouble making sense of some reported CSP violations that don’t seem to actually be violations according to the CSP standard. I have not managed to reproduce the violations in my own browser, and based on my own testing I believe that the block is the result of a non-compliant browser. That seems like a bold assertion, but based on all the documentation I’ve read and my tests it’s the only thing that makes sense.

Here is (more or less) what the CSP is:

frame-ancestors [list-of-urls]; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' [list-of-more-urls]; report-uri [my-reporting-endpoint] 

The problem is that I’m getting some violations sent to my reporting endpoint. Here is an example violation report:

{"csp-report":{     "document-uri":"[REDACTED]",     "referrer":"[REDACTED]",     "violated-directive":"script-src-elem",     "effective-directive":"script-src-elem",     "original-policy":"[SEE ABOVE]",     "disposition":"enforce",     "blocked-uri":"https://example.com/example.js",     "status-code":0,     "script-sample":"" }} 

The context would be that the page in question had a <script src="https://example.com/example.js"></script> on it somewhere.

To be clear, https://example.com is not in the list of allowed URLs under default-src. However, that shouldn’t really matter. Here are all the relevant facts that lead me to believe this is being caused by a non-compliant browser that someone is using:

  1. There is no script-src-elem defined so it should fall back on the default-src for the list of allowed URLs.
  2. default-src includes the https: schema, which means that all urls with an https scheme will be allowed. The blocked URL definitely uses HTTPS
  3. This source agrees that the scheme source (https) will automatically allow any https resources. Therefore this should be allowed even though example.com is not in the list of allowed URLs.
  4. The official CSP docs also agree, showing that scheme matching happens first and can allow a URL even before the list of allowed URLs is checked.
  5. Therefore, if you include the https: scheme in your default-src, your CSP will match <script src="https://anything.com"> even if not specifically in the list of allowed URLs
  6. In my own testing I found the above to be true.

Despite all of this, I have sporadic reports of CSP violations even though it shouldn’t. Note that I’m unable to replicate this exactly because the pages in question have changed, and I don’t have easy control over them. The only thing I can think of is that some of my users have a browser that isn’t properly adhering to the CSP standard, and are rejecting the URL since it is not on the list of allowed URLs, rather than allowing it based on its scheme.

Is this the best explanation, or am I missing something about my CSP? (and yes, I know that this CSP is not a very strict one).

Insecure Binary protection IOS Pentest Report

Thirdparty pentest company reported their findings in our IOS app. In the report explanation for this vulnerability is

Apple provides default encryption for applications; however, the encryption could easily be bypassed by using publicly available tools such as Clutch. This was verified by performing static analysis that shows that the application code has not been encrypted, using a strong encryption mechanism, which makes it easy for an attacker to reverse engineer the application and to explore and modify its functionality.

For the remediation they suggested

The recommendation is to use a custom encryption solution for the iOS application. Is it possibile to build IOS app with custom encrytpiton solution? Is that something that is a feature when compiling IOS app?

Is there a way to use custom "encryption" for IOS app?

Power BI Report Server keeps asking for credentials locally

I’ve installed PBIRS on my laptop to do some development.

Each time try to connect it prompts with dialog wanting me to login.

Login

If I try and connect from a remote PC using the same domain login, it recognises me and logs me in without any problems.

What do I need to change so that PBIRS accepts my connection?

PBIRS May 2020 SQL Server 2019 HP Elitebook 16Gb RAM Windows 10.

Blocking task report is showing false positive

Here is the code I am using to send email alerts. It seems to send more false +ves, can anyone guide me how to resolve this ?

DECLARE @Waiting INT; DECLARE @Message NVARCHAR(MAX);  SELECT  @Waiting = COUNT( s.session_id ) FROM    sys.dm_exec_sessions s LEFT OUTER JOIN sys.dm_exec_connections c ON ( s.session_id = c.session_id ) LEFT OUTER JOIN sys.dm_exec_requests r ON ( s.session_id = r.session_id ) LEFT OUTER JOIN sys.dm_os_tasks t ON ( r.session_id = t.session_id AND  r.request_id = t.request_id ) LEFT OUTER JOIN (                     -- In some cases (e.g. parallel queries, also waiting for a worker), one thread can be flagged as                     -- waiting for several different threads.  This will cause that thread to show up in multiple rows                     -- in our grid, which we don't want.  Use ROW_NUMBER to select the longest wait for each thread,                     -- and use it as representative of the other wait relationships this thread is involved in.                     SELECT  *                             ,ROW_NUMBER() OVER ( PARTITION BY waiting_task_address ORDER BY wait_duration_ms DESC ) AS row_num                     FROM    sys.dm_os_waiting_tasks ) w ON ( t.task_address = w.waiting_task_address )                                                             AND w.row_num = 1 LEFT OUTER JOIN sys.dm_exec_requests r2 ON ( r.session_id = r2.blocking_session_id ) WHERE   ISNULL( t.task_state, N'' ) <> ''         AND ISNULL( DB_NAME( r.database_id ), N'' ) = 'MyDB'         AND ISNULL( w.wait_duration_ms, 0 ) > CASE                                                     WHEN FORMAT( GETDATE(), 'HH:mm' ) >= FORMAT( CAST('07:00AM' AS TIME), N'hh\.mm' )                                                         AND  FORMAT( GETDATE(), 'HH:mm' ) < FORMAT( CAST('05:30PM' AS TIME), N'hh\.mm' ) THEN 10000                                                     ELSE 20000                                                 END ---  this will change the wait time to 20s during offpeak hours.         AND s.session_id <> ISNULL( w.blocking_session_id, 0 )         AND is_user_process = 1;    ---- added on 2019-04-02 @8.40AM to neglect the parallel queries.threads blocking themselves   IF ( @Waiting > 30 )     --send email  

SPF – Dmarc report

I get Dmarc reports sent from various different sources. All of the reports generally have <result>pass</result> for all of the sections.

However, the reports from Google always have SPF fails:

<row>     <source_ip>185.116.215.174</source_ip>     <count>1</count>     <policy_evaluated>         <disposition>none</disposition>         <dkim>pass</dkim>         <spf>fail</spf>     </policy_evaluated> </row> . . . </auth_results>      <dkim>         <domain>domain.co.uk</domain>         <result>pass</result>         <selector>dkim</selector>     </dkim>     <dkim>         <domain>email-od.com</domain>         <result>pass</result>         <selector>dkim</selector>     </dkim>     <spf>         <domain>bounce.domain.co.uk</domain>         <result>fail</result>     </spf> </auth_results> 

My SPF record looks like:

“v=spf1 +a +mx +a:server.domain.co.uk include:email-od.com ~all”

I am unsure why my bounce domain is failing SPF checks, but it only seems to be on Google DMARC reports.

To be honest, I am unsure what the bounce domain does, should I set up an email address – bounce@bounce.eazyfreight.co.uk?

Any help sorting my SPF and advice re bounce.domain.co.uk would be great.