
Issue with PowerCLI: Not authenticated and session timeout

A colleague of mine recently experienced an issue where, after making a PowerCLI connection to a vCenter and immediately running a command such as Get-VM, he would receive the following error:

Get-VM. Not authenticated. Possible cause of this error is that the connection was left unused for a while and session has timed out.

Checking he was connected to a vCenter appeared to indicate that he was, i.e.

$global:defaultVIServer

returned a value. Seems like this may be an issue with PowerCLI 5.1 since other similar reports indicate reverting to 4.1 does not have the issue.

We didn’t have that option, so in this instance we took the recommendation to amend the PowerCLI timeout as follows, which seemed to help in our case:

Set-PowerCLIConfiguration -WebOperationTimeoutSeconds -1

Reporting on Windows File Server Shares and NTFS Permissions with PowerShell

I recently had a requirement to audit the Share and NTFS permissions of a Windows File Server. PowerShell contains the Get-Acl cmdlet, which makes retrieving the NTFS permissions fairly straightforward. Share permissions are not so easy, but we can make use of WMI and the Win32_LogicalShareSecuritySetting class.

The below forum post details some discussion around using this class to find the Share permissions and unsurprisingly the legendary Shay Levy provides the solution.

http://groups.google.com/group/powershell-users/browse_thread/thread/43f06ce172e68c38?pli=1

The following script makes use of this code and adds some parameters depending on your requirements.

<#
.SYNOPSIS
Retrieve report of share permissions

.DESCRIPTION
Retrieve report of share permissions

.PARAMETER  ComputerName
Computer name to retrieve share permissions from

.PARAMETER  Share
Name of the share to retrieve permissions from (optional)

.PARAMETER  OutputFile
Name of the file to output the report to (optional)

.EXAMPLE
PS C:\> Get-SharePermissions.ps1 -ComputerName Server01 -Share Share01 -OutputFile C:\Scripts\SharePermissions.csv

.EXAMPLE
PS C:\> Get-SharePermissions.ps1 -ComputerName Server01

.NOTES
Author: Jonathan Medd
Date: 06/12/2011
Version: 0.1

#>

[CmdletBinding()]
param(

[Parameter(Position=0)]
[System.String]
$ComputerName = '.',

[Parameter(Position=1)]
[System.String]
$Share,

[Parameter(Position=2)]
[System.String]
$OutputFile
)

function Translate-AccessMask($val){
Switch ($val)
{
2032127 {"FullControl"; break}
1179785 {"Read"; break}
1180063 {"Read, Write"; break}
1179817 {"ReadAndExecute"; break}
-1610612736 {"ReadAndExecuteExtended"; break}
1245631 {"ReadAndExecute, Modify, Write"; break}
1180095 {"ReadAndExecute, Write"; break}
268435456 {"FullControl (Sub Only)"; break}
# Unrecognised mask: output the raw value so it still appears in the report
default {$val; break}
}
}

function Translate-AceType($val){
Switch ($val)
{
0 {"Allow"; break}
1 {"Deny"; break}
2 {"Audit"; break}
}
}

# Create calculated properties
$ShareProperty = @{n="Share";e={$ShareName}}
$AccessMask = @{n="AccessMask";e={Translate-AccessMask $_.AccessMask}}
$AceType = @{n="AceType";e={Translate-AceType $_.AceType}}
$Trustee = @{n="Trustee";e={$_.Trustee.Name}}

if ($Share){

$filter="name='$Share'"

$WMIQuery = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $ComputerName -filter $filter | ForEach-Object {
$ShareName = $_.name
$_.GetSecurityDescriptor().Descriptor.DACL | Select-Object $Shareproperty,$AccessMask,$AceType,$Trustee}
}

else {
$WMIQuery = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $ComputerName | ForEach-Object {
$ShareName = $_.name
$_.GetSecurityDescriptor().Descriptor.DACL | Select-Object $ShareProperty,$AccessMask,$AceType,$Trustee }
}

if ($OutputFile){
$WMIQuery | Export-Csv $OutputFile -NoTypeInformation
}

else {
$WMIQuery | Format-Table -AutoSize
}
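
Translate-AccessMask names only eight exact mask values, so an ACE carrying any other combination of rights cannot be read off the report. The following added example (not part of the original script) decodes any mask bit by bit using the standard Windows access-right bit values; the function name Expand-AccessMask is hypothetical, and [ordered] assumes PowerShell 3.0 or later.

```powershell
# Added example: Expand-AccessMask is a hypothetical helper, not part of the original script.
function Expand-AccessMask {
    param([Parameter(Mandatory=$true)] [System.Int64] $Mask)

    # Treat the mask as an unsigned 32-bit value so that negative Int32
    # inputs such as -1610612736 (0xA0000000) decode correctly.
    $m = $Mask -band 4294967295

    # Standard Windows access-right bits, highest first.
    $bits = [ordered]@{
        'GenericRead'                  = 2147483648   # 0x80000000
        'GenericWrite'                 = 1073741824   # 0x40000000
        'GenericExecute'               = 536870912    # 0x20000000
        'GenericAll'                   = 268435456    # 0x10000000
        'Synchronize'                  = 0x100000
        'TakeOwnership'                = 0x80000
        'ChangePermissions'            = 0x40000
        'ReadPermissions'              = 0x20000
        'Delete'                       = 0x10000
        'WriteAttributes'              = 0x100
        'ReadAttributes'               = 0x80
        'DeleteSubdirectoriesAndFiles' = 0x40
        'ExecuteFile'                  = 0x20
        'WriteExtendedAttributes'      = 0x10
        'ReadExtendedAttributes'       = 0x8
        'AppendData'                   = 0x4
        'WriteData'                    = 0x2
        'ReadData'                     = 0x1
    }

    $names = @()
    $rest  = $m
    foreach ($entry in $bits.GetEnumerator()) {
        if ($m -band $entry.Value) {
            $names += $entry.Key
            $rest = $rest -band (-bnot [int64]$entry.Value)
        }
    }
    # Report bits that are not in the table rather than dropping them silently.
    if ($rest -ne 0) { $names += ('Unknown(0x{0:X})' -f $rest) }
    $names -join ', '
}

# Constructed sample input: three of the mask values listed in the script above.
1179817, -1610612736, 268435456 | ForEach-Object {
    '{0,12} -> {1}' -f $_, (Expand-AccessMask $_)
}
```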

 

For NTFS permissions Jeff Hicks has a very useful post for creating NTFS ACL reports.

http://jdhitsolutions.com/blog/2011/06/creating-acl-reports/

The following is a script based off some of the ideas in that post which you can use for generating a report depending on your requirements.

<#
.SYNOPSIS
Retrieve report of NTFS permissions

.DESCRIPTION
Retrieve report of NTFS permissions

.PARAMETER  ComputerName
Computer name to retrieve NTFS permissions from

.PARAMETER  Folder
Name of the NTFS path to retrieve permissions from

.PARAMETER  Recurse
Retrieve permissions from subfolders and files

.PARAMETER  OutputFile
Name of the file to output the report to (optional)

.EXAMPLE
PS C:\> Get-NTFSPermissions.ps1 -ComputerName Server01 -Folder D$\Home -OutputFile C:\Scripts\NTFSPermissions.csv

.EXAMPLE
PS C:\> Get-NTFSPermissions.ps1 -Folder D:\Home -Recurse

.NOTES
Author: Jonathan Medd
Date: 07/12/2011
Version: 0.1

#>

[CmdletBinding()]
param(

[Parameter(Position=0)]
[System.String]
$ComputerName = '.',

[Parameter(Position=1,Mandatory=$true,HelpMessage="Name of the NTFS path to retrieve permissions from")]
[System.String]
$Folder,

[Parameter(Position=2)]
[Switch]
$Recurse,

[Parameter(Position=3)]
[System.String]
$OutputFile
)

# Set the Path variable depending on whether it is for a remote machine
if ($ComputerName -eq '.'){
$Path = $Folder
}

else {
$Path = "\\$ComputerName\$Folder"
}

if ($OutputFile){
Get-Childitem $Path -Recurse:$Recurse | ForEach-Object {Get-Acl $_.FullName} | Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | Export-CSV $OutputFile -NoTypeInformation
}

else {
Get-Childitem $Path -Recurse:$Recurse | ForEach-Object {Get-Acl $_.FullName} | Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | Format-Table -AutoSize
}

Obtaining a US Individual Taxpayer Identification Number (ITIN) as a UK Citizen

Update 19/02/2015

Following some recent changes in US tax treaties the original information in this post appears to now be out of date. I received some communication which suggests things have now changed for UK and other citizens. I suggest you don’t take this advice as definitive, but do your own research to confirm it and liaise with the organisation you are working for.

You will need to submit a W8BEN form. I have enclosed a letter from our Royalty department with the information about whether you need an ITIN, and also a list of countries with reduced tax treaty withholding in the US for your information.

The US Internal Revenue Service (IRS) recently changed its policies to make it easier for non-US residents receiving payment in the US, whose countries have a tax treaty agreement with the United States. The UK is on the list. According to our royalty department:

If the author/royalty recipient resides in a country (i.e. UK) that provides its residents with a tax identification number, then we do not need an ITIN from that person. They just need to enter the number provided to them in their country of residence in line 6 of the W8BEN

For a UK citizen the requested number is your NI number.

————————————————————————————————————————-

OK, this isn’t really technical, but I am blogging it partly so that I can remember how I did it and partly because there is not a lot of information out there on how to do it. If you are a UK based book author with a US based publisher or maybe a UK based academic going out to do some work in a US university you may wish to consider the tax implications of any payment. If you do nothing then likely the following will happen:

  • Tax you pay on your earnings will be paid to the US government, not the country you reside in.
  • The tax rate will be that of the US, at the time of writing this is 30%.

Consequently, you may or may not decide that the above is something you wish to proceed with depending on tax levels in your own country and how much of a desire you have to pay tax to the US government. (No offence my US friends 🙂 )

The UK (and many other countries) have a treaty with the US whereby providing you obtain an Individual Taxpayer Identification Number (ITIN) from the US IRS and supply this to the organisation you have a contract with, the tax will not be deducted at source, rather you would declare it as part of your own earnings in your own country. This is not the easiest thing to obtain and requires many forms to be filled out and much patience waiting for each step to be processed. So here is what you need to do:

1) Obtain a notarised copy of your passport.

You can either submit your passport (yeah right) or a notarised copy of it to the IRS. To obtain a notarised copy of your UK passport (essentially a photocopy of it which has been authenticated by a third-party) you must:

a) Have a copy authenticated by a Notary Public – 1 hour, £20 – 80 (or <£5 if you shop around)

“A Notary, or Notary Public, can authenticate or legalise documents. A Notary can also deal with legalisation or an Apostille, if needed. The services of a Notary Public are usually required when you have documents which are needed for use abroad. The Notary’s signature and seal will verify to the authorities in that country that the relevant checks have been carried out. “

So you need to find a Notary Public to carry this out for you; not all solicitors will have one of these so search around. These links may help you find one:

http://www.lawsociety.org.uk/choosingandusing/findasolicitor.law  and http://www.thenotariessociety.org.uk/find-a-notary

The best advice I can offer here is to shop around. I got quotes for everything ranging between £20 – £80, until I found a place local to me offering it at £5 per document. When I visited them it turned out to be £2 – #winning !

You may need to take additional proof of identity with you when you visit the Public Notary.

b) Send this notarised copy to the Foreign & Commonwealth Office to have them stamp it as genuine – 2 weeks, £30

Before sending the notarised copy to the IRS it also needs a stamp of approval from the Foreign & Commonwealth Office.

“Legalisation is the official confirmation that a signature, seal or stamp on a UK public document is genuine. It does not authenticate the content of the document. Legalisation is usually required by foreign authorities before they will allow a UK document to be used for official purposes in their country.”

There is a semi-online process to complete this, i.e. payment online, then a form to download, fill out and post off with the notarised copy of your passport. This should take a few days, mine took around 2 weeks since some follow up with the solicitor was necessary.

2) Complete a W7 form for the IRS – 8 weeks, £0

Fill out the W7 form for the IRS and send it off to them along with the notarised copy of your passport and a copy of your contract of work. They aim to have it back to you within 8 weeks and that was pretty accurate. You will then be in possession of your ITIN.

3) Complete a W-8BEN form and send to your employer

With your ITIN in hand, complete a W-8BEN form and send that to your employer. They will subsequently be able to pay you without deducting US tax.

 

I believe the ITIN is valid for 3 years, so you may need to go through it all again at a later date. I hope that if you have read this far then this information was useful for you.