Microsoft Graph API - Post 1 of many

Microsoft Graph API

It almost seems like the Tangential Screw is out of Sync.
A phrase I've commonly used and sound technical enough that people leave me alone, assuming that I know what I'm doing.
Microsoft Graph API seems to be the 'fix for everything' that is wrong in O365/ Intune/ Azure.

Anyway, I decided its time to read about it and jot some notes down.

These are random pieces of code that worked for me and failures and error message I figured out. Mostly because as a person who likes to kick tin, coding is not a natural way to access logs.


If you see D.W. it means didn't work, or I haven't figured out what it does yet.
General assumption needs to be be I made a mistake, but with this cloud stuff...who knows. If you have a complaint or comment on that , then revert to above, I like to kick tin, virtual or physical.

I'm currently using the Graph Explorer
https://developer.microsoft.com/en-us/graph/graph-explorer

Will move to Visual Code at some stage with the intention of trying to see if I can get security information.

So here goes:
Demo O365 Tenancy, with a three moth life time.
No vanity domain added yet.

GET https://graph.microsoft.com/beta/security/secureScores?$filter=fqdn eq 'AarifS@M365x106898.onmicrosoft.com'

GET https://graph.microsoft.com/beta/security/hostSecurityProfiles?$filter=fqdn eq 'AarifS@M365x106898.onmicrosoft.com'&$select=riskScore

These work, but give a response with no data.

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Security/hostSecurityProfiles(riskScore)",
    "value": []
}
I assume I need to add data to make get a response.


Send and email
***************
Send an Email
***************

***Command***
POST v1.0 https://graph.microsoft.com/v1.0/me/sendMail

***Content 2***
{
  "message": {
    "subject": "Meet for lunch?",
    "body": {
      "contentType": "Text",
      "content": "You available.Origional - 1 line"
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "my.emailaddress@provider.com"
        }
      }
    ]
  }
}

***Content 2***
{
  "message": {
    "subject": "Meet for lunch?",
    "body": {
      "contentType": "Text",
      "content": "You available. I'm free tomorrow and wondering if all is ok
      This works as well
      "
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "my.emailaddress@provider.com"
        }
      }
    ]
  }
}

***Content 3***
{
  "message": {
    "subject": "Meet for lunch?",
    "body": {
      "contentType": "Text",
      "content": "You available. I'm free tomorrow and wondering if all is ok
      And how does this continue.
      Does it just go on
      yes
      Joe"
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "my.emailaddress@provider.com"
        }
      }
    ]
  }
}


***Command*** Get logged in user’s OneDrive site
POST v1.0 https://graph.microsoft.com/v1.0/me/drive

***Command*** Get users whose email address starts with “Adele”
D.W. https://graph.microsoft.com/v1.0/users?$filter=startswith(mail,’adele’)
https://graph.microsoft.com/v1.0/users?$filter=startswith(mail,’adams’)
https://graph.microsoft.com/v1.0/users?$filter=startswith(mail,'A')
https://graph.microsoft.com/v1.0/users?$filter=startswith(givenName,'A')

***Command*** Get logged in user’s user profile picture
https://graph.microsoft.com/v1.0/me/photo/$value


Query
https://graph.microsoft.com/v1.0/users?$filter=startswith(mail,’adele’)
And the output is
{
    "error": {
        "code": "BadRequest",
        "message": "Invalid filter clause",
        "innerError": {
            "request-id": "c913cb68-3759-476e-89ba-718887cd7653",
            "date": "2018-12-20T23:10:41"
        }
    }
}

This means that the user Adele is not there!
Not that your query is bad.

Windows 10 not displaying login name or missing last login name

Windows 10 when connected to Azure AD stops showing the last login name or any of hte login accounts.

Not sure why, had a look and found different solutions.

Seems we need to merge a few together.

Issue 

Windows 10 does not show last logged in user name.

Potentially does not show any user names.

Doesn't give any clues as to whom is logging in.

Solution

Windows Registry Editor Version 5.00

​

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]​

"HideFastUserSwitching"=dword:00000001​

"dontdisplaylastusername"=dword:00000000

First option enables fast user account switching & second confirms that the username is displayed.

Either by itself does not work.

You need both.

Save as a reg file and run.

Fix different Sydi-Server issues

General post pulling together different issues that I've come across and fixed in Sydi-Server

Cannot find cscript.exe

Got an error “Can’t find script engine “VBScript” for script “”.

This sometimes means that the dll needs to be re-registered.
but it can also be a change made by an AV engine. McAfee and symantec do this a lot

Basically the antivirus software had changed the regkey that should point to the VBScript.dll.  
Fix that bad entry and the scripts all run fine

1. Logon to the server as an administrator.
2. Open the registry editor (regedit.exe) and navigate to the following registry key.[HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
3. Check the path of the Default registry key, it will most likely point to the path of your Anti-Virus Product.
4. Right click on InprocServer32 and select permissions. Give the Administrators group full access.
5. Modify the Default registry key and change the path to C:\Windows\system32\vbscript.dll
6. Change the regkey permissions back.

To re-register the vbscript.dll

Click on start button, type cmd. In the search result right-click on cmd and select

Run as Administrator.

Type cd %windir%\system32 and press enter.

Type regsvr32 vbscript.dll in command prompt and press enter.

If the registration was successful, you should now see the following message:

DllRegisterServer in vbscript.dll succeeded.

Cannot run Cscript.exe

Error running the cscript.exe command

Adding info on cscript.exe not running on Server 2012R2/ Server 2016 and Windows 10.

Copy the cscript.exe file from %windir%\syswow64 to to folder that you have Sydi-Server
saved to and run it now. All fixed!

Fix for SydiServe Excel issue on Excel 2013 and higher.

Sydi Server not working with Excel 2013 or Excel 2016

Sydiserver 2.4 released http://networklore.com/sydi/

When using the overview module sydi-overview.vbs I was getting errors;

sydi-overview2-4.vbs(596, 2) Microsoft VBScript runtime error: Subscript out of range

Great error message!

Turns out Excel 2013 opens 1 sheet by default, so you need to add in sheets 2 and 3
by copying in line 598 a few times.

Code lines for original are (590 to 601) objExcel.Cells.Select

objExcel.Cells.EntireColumn.AutoFit objExcel.ActiveWindow.SplitRow = 0.8 objExcel.ActiveWindow.FreezePanes = True
objExcel.Range("A1").Select objExcel.Sheets(1).Name = "Computers" objExcel.Sheets(2).Name = "WMI Programs"
objExcel.Sheets(3).Name = "Registry Programs" objExcel.Sheets.Add ,objExcel.Sheets(3) ' Add a new sheet after the last
one objExcel.Sheets(4).Name = "Processes" objExcel.Sheets.Add ,objExcel.Sheets(4) ' Add a new sheet after the last one
objExcel.Sheets(5).Name = "OS Distribution Data"

New lines need to be as follows (590 to 603) objExcel.Cells.Select

objExcel.Cells.EntireColumn.AutoFit objExcel.ActiveWindow.SplitRow = 0.8 objExcel.ActiveWindow.FreezePanes = True
objExcel.Range("A1").Select objExcel.Sheets(1).Name = "Computers" objExcel.Sheets.Add ,objExcel.Sheets(1) ' Add a new
sheet after the last one objExcel.Sheets(2).Name = "WMI Programs" objExcel.Sheets.Add ,objExcel.Sheets(2) ' Add a new
sheet after the last one objExcel.Sheets(3).Name = "Registry Programs" objExcel.Sheets.Add ,objExcel.Sheets(3) ' Add a
new sheet after the last one objExcel.Sheets(4).Name = "Processes" objExcel.Sheets.Add ,objExcel.Sheets(4) ' Add a new
sheet after the last one objExcel.Sheets(5).Name = "OS Distribution Data"

Thanks to Patrick Ogenstad http://networklore.com/ for the tools

MD5 hash of file
sydi-overview.vbs: 5f1d5ca7da8e83d5487d08e362ce4994
SHA1 hash of file
sydi-overview.vbs: 9b94e94a59d711155ffc4ec49026198a9e95a4e5

Command to check the hash CertUtil -hashfile sydi-overview.vbs MD5 CertUtil -hashfile
sydi-overview.vbs SHA1

File to download
https://raw.githubusercontent.com/wobblewobble/SydiServe_Excel_Fix/master/sydi-overview.vbs

Posting Code to my blogs

For my own reference to add code to my blogs and not have it edited

Copy the code you want to display in the post

Open Simplecode 

Paste the code in the box and click on enter

Copy the resulting the code and you are done. Just paste the code in blog post to display the code as expected

Sample 1

Straight Paste

3

false

sound

Sound Card

sound

7

ensoniq1371

35 

From Simplecode

<Item>

<rasd:AddressOnParent>3</rasd:AddressOnParent>

<rasd:AutomaticAllocation>false</rasd:AutomaticAllocation>

<rasd:Caption>sound</rasd:Caption>

<rasd:Description>Sound Card</rasd:Description>

<rasd:ElementName>sound</rasd:ElementName>

<rasd:InstanceID>7</rasd:InstanceID>

<rasd:ResourceSubType>ensoniq1371</rasd:ResourceSubType>

<rasd:ResourceType>35</rasd:ResourceType>

Its adding the following

A tag called < code >

the < is replaced with & l t ;

Item

The  > is replaced with & g t ;

And a  < br  / >  added to the end of each line for a new line.

Convert a Virtual Box OVA to VMware OVF and deploy

Back in college and trying to deploy the demo lab machines. Images I got were Virtual Box OVA files that would not deploy direct to ESXi. Trying to import an Virtual Box OVA file into ESXi and I got errors. Disk was incorrect, wrong hardware, didn't know disk size and a few other errors.

Found a few sites describing the methods, but never had a full set of instructions.

Tried for a few hours and came up with the below.


Download the VMware OVFTools, login is needed to access the download (correct link on 31/1/2018)

https://my.vmware.com/group/vmware/details?downloadGroup=OVFTOOL350&productId=352

Run OVFtool in Administrator mode and point it at your old

C:\Program Files\VMware\VMware OVF Tool>ovftool.exe E:\Downloads\Malware\Sniffer\Sniffer.ova E:\Downloads\Malware\SnifferOVF\sniffer.ovf

Open up the folder you converted to
Delete the mf file (Sniffer.mf) and edit the ovf file as follows

Then use a text editor to change the following sections in the .ovf file

Change the hardware to ESX suitable hardware

<vssd:VirtualSystemType>virtualbox-2.2</vssd:VirtualSystemType>

to

<vssd:VirtualSystemType>vmx-08</vssd:VirtualSystemType&gt;

Edit the Drive Type from SATA to a SCSI to suit VMware

<rasd:Address>0</rasd:Address>
<rasd:Caption>sataController0</rasd:Caption>
<rasd:Description>SATA Controller</rasd:Description>
<rasd:ElementName>sataController0</rasd:ElementName>
<rasd:InstanceID>5</rasd:InstanceID>
<rasd:ResourceSubType>AHCI</rasd:ResourceSubType>
<rasd:ResourceType>20</rasd:ResourceType>

to

<rasd:Address>0</rasd:Address>
<rasd:Caption>SCSIController</rasd:Caption>
<rasd:Description>SCSI Controller</rasd:Description>
<rasd:ElementName>SCSIController</rasd:ElementName>
<rasd:InstanceID>5</rasd:InstanceID>
<rasd:ResourceSubType>lsilogic</rasd:ResourceSubType>
<rasd:ResourceType>6</rasd:ResourceType>

Delete the following section for the Sound Card (approx. line 100)

<Item>

<rasd:AddressOnParent>3</rasd:AddressOnParent>

<rasd:AutomaticAllocation>false</rasd:AutomaticAllocation>

<rasd:Caption>sound</rasd:Caption>

<rasd:Description>Sound Card</rasd:Description>

<rasd:ElementName>sound</rasd:ElementName>

<rasd:InstanceID>7</rasd:InstanceID>

<rasd:ResourceSubType>ensoniq1371</rasd:ResourceSubType>

<rasd:ResourceType>35</rasd:ResourceType>

</Item>

Then deploy your VM using vCenter/ vSphere Client. This will also deploy the vmdk for you as well.

KCCO